Hi all, I have been trying to set up an ftp server using vsftpd. I am trying to set it up so that each user has their own ftp folder and when they log in they access only this folder by default. Sounds simple enough, but I have come across two problems: * The $user environment variable does not seem to be recognised by vsftpd (i.e. set the authenticated users folder to /srv/ftp/$user). * vsftpd does not appear to be recognising acls -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Sunday 21 Apr 2013 22:02:27 Paul Groves wrote:
Hi all,
I have been trying to set up an ftp server using vsftpd. I am trying to set it up so that each user has their own ftp folder and when they log in they access only this folder by default.
Sounds simple enough, but I have come across two problems: * The $user environment variable does not seem to be recognised by vsftpd (i.e. set the authenticated users folder to /srv/ftp/$user). * vsftpd does not appear to be recognising acls
Hi Paul, Try $USER all caps. -- Ritchie Fraser -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Hi Ritchie, I did try it in caps and lowercase, same issue with both. Paul Groves On 21 Apr 2013, at 23:43, "Ritchie Fraser" <euphogeeza@gmail.com> wrote:
On Sunday 21 Apr 2013 22:02:27 Paul Groves wrote:
Hi all,
I have been trying to set up an ftp server using vsftpd. I am trying to set it up so that each user has their own ftp folder and when they log in they access only this folder by default.
Sounds simple enough, but I have come across two problems: * The $user environment variable does not seem to be recognised by vsftpd (i.e. set the authenticated users folder to /srv/ftp/$user). * vsftpd does not appear to be recognising acls
Hi Paul,
Try $USER all caps.
-- Ritchie Fraser -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Paul Groves wrote:
Hi all,
I have been trying to set up an ftp server using vsftpd. I am trying to set it up so that each user has their own ftp folder and when they log in they access only this folder by default.
I have such a setup, but I use the home directory as the default. -- Per Jessen, Zürich (16.7°C) http://www.dns24.ch/ - free DNS hosting, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
I did try that at first but didn't manage to work out how. The home directory would be ok to use as the users only log on via FTP. How have you configured this? Paul Groves On 24 Apr 2013, at 19:37, "Per Jessen" <per@computer.org> wrote:
Paul Groves wrote:
Hi all,
I have been trying to set up an ftp server using vsftpd. I am trying to set it up so that each user has their own ftp folder and when they log in they access only this folder by default.
I have such a setup, but I use the home directory as the default.
-- Per Jessen, Zürich (16.7°C) http://www.dns24.ch/ - free DNS hosting, made in Switzerland.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Paul Groves wrote:
I did try that at first but didn't manage to work out how. The home directory would be ok to use as the users only log on via FTP.
How have you configured this?
Paul Groves
Hi Paul this is it: write_enable=yes dirmessage_enable=no nopriv_user=ftpsecure hide_ids=YES local_enable=YES chroot_local_user=YES anonymous_enable=no anon_world_readable_only=YES syslog_enable=YES connect_from_port_20=YES ascii_upload_enable=YES pasv_enable=yes pam_service_name=vsftpd listen=YES ssl_enable=NO allow_writeable_chroot=YES -- Per Jessen, Zürich (9.5°C) http://www.dns24.ch/ - free DNS hosting, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
As I think this has not yet mentioned before (or I missed it):
On April 25, 2013 at 7:37 AM Per Jessen <per@computer.org> wrote: write_enable=yes
Please only use it on a _really safe_ network - with FTP, everybody can read passwords going over the line. FTP may still be okay for anonymous downloading, but access with regular user accounts is not something you want to have nowadays. Have a nice day, Berny -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Bernhard Voelker wrote:
As I think this has not yet mentioned before (or I missed it):
On April 25, 2013 at 7:37 AM Per Jessen <per@computer.org> wrote: write_enable=yes
Please only use it on a _really safe_ network - with FTP, everybody can read passwords going over the line. FTP may still be okay for anonymous downloading, but access with regular user accounts is not something you want to have nowadays.
Hi Berny for a public webhoster, how else would you do it? I guess SFTP would be a better option. Is SFTP well supported by clients everywhere? /Per -- Per Jessen, Zürich (15.7°C) http://www.dns24.ch/ - free DNS hosting, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
I would like to look at using SFTP buy cannot get my head around SSL on open SUSE. If I am correct, I believe that creating certificates and keys can be done using yast2-ca-management but I have been unsuccessful in doing so. I want to be able to use SSL with FTP and Apache. Has anyone experience with this? Paul Groves On 25 Apr 2013, at 10:21, "Per Jessen" <per@computer.org> wrote:
Bernhard Voelker wrote:
As I think this has not yet mentioned before (or I missed it):
On April 25, 2013 at 7:37 AM Per Jessen <per@computer.org> wrote: write_enable=yes
Please only use it on a _really safe_ network - with FTP, everybody can read passwords going over the line. FTP may still be okay for anonymous downloading, but access with regular user accounts is not something you want to have nowadays.
Hi Berny
for a public webhoster, how else would you do it? I guess SFTP would be a better option. Is SFTP well supported by clients everywhere?
/Per
-- Per Jessen, Zürich (15.7°C) http://www.dns24.ch/ - free DNS hosting, made in Switzerland.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Paul Groves wrote:
On 25 Apr 2013, at 10:21, "Per Jessen" <per@computer.org> wrote:
Bernhard Voelker wrote:
As I think this has not yet mentioned before (or I missed it):
On April 25, 2013 at 7:37 AM Per Jessen <per@computer.org> wrote: write_enable=yes
Please only use it on a _really safe_ network - with FTP, everybody can read passwords going over the line. FTP may still be okay for anonymous downloading, but access with regular user accounts is not something you want to have nowadays.
Hi Berny
for a public webhoster, how else would you do it? I guess SFTP would be a better option. Is SFTP well supported by clients everywhere?
I would like to look at using SFTP buy cannot get my head around SSL on open SUSE.
If I am correct, I believe that creating certificates and keys can be done using yast2-ca-management but I have been unsuccessful in doing so. I want to be able to use SSL with FTP and Apache. Has anyone experience with this?
Paul Groves
Hi Paul, first of all, rather than top-post, it's better to respond in-line as I do. Second, there isn't really much to getting to use SSL with Apache (or FTP). Said another way, it's not as complicated as it might appear, but you will need to spend some time studying it. I don't know what yast does for certificates, I've never used that functionality. -- Per Jessen, Zürich (23.7°C) http://www.dns24.ch/ - free DNS hosting, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On April 25, 2013 at 5:47 PM Paul Groves <p-groves@hotmail.co.uk> wrote: I would like to look at using SFTP buy cannot get my head around SSL on open SUSE.
If I am correct, I believe that creating certificates and keys can be done using yast2-ca-management but I have been unsuccessful in doing so. I want to be able to use SSL with FTP and Apache. Has anyone experience with this?
Hi Paul, SFTP has nothing to do with Apache; it is handled by the SSH daemon. It should work out of the box (when sshd is running) with the user's normal passwords, or with the SSH key files if set up. $ man ssh; man sshd; man sshd_config Have a nice day, Berny -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday, 2013-04-29 at 09:04 +0200, Bernhard Voelker wrote: El 2013-04-29 a las 09:04 +0200, Bernhard Voelker escribió:
On April 25, 2013 at 5:47 PM Paul Groves <> wrote: I would like to look at using SFTP buy cannot get my head around SSL on open SUSE.
If I am correct, I believe that creating certificates and keys can be done using yast2-ca-management but I have been unsuccessful in doing so. I want to be able to use SSL with FTP and Apache. Has anyone experience with this?
Hi Paul,
SFTP has nothing to do with Apache; it is handled by the SSH daemon. It should work out of the box (when sshd is running) with the user's normal passwords, or with the SSH key files if set up. $ man ssh; man sshd; man sshd_config
Yes, but vsftpd also has ssl configuration. ssl_enable If enabled, and vsftpd was compiled against OpenSSL, vsftpd will support secure connections via SSL. This applies to the control connection (including login) and also data connections. You'll need a client with SSL support too. NOTE!! Beware enabling this option. Only enable it if you need it. vsftpd can make no guar- antees about the security of the OpenSSL libraries. By enabling this option, you are declaring that you trust the security of your installed OpenSSL library. Default: NO However, the name is still "ftp", so it is not that simple to know if you are using a secured connection or not, or to enforce it. The name "sftp" refers to file transfer over ssh procedures, it is a different thing. IMHO, they should have used a different name. - -- Cheers, Carlos E. R. (from 12.1 x86_64 "Asparagus" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) iEYEARECAAYFAlF+fYUACgkQtTMYHG2NR9VwdwCfRQ7CqD0RtCWGxuZTTpkJJDda 99IAoJUPn7/U7/6VB59iBd0r69Fd15xr =dJdP -----END PGP SIGNATURE-----
Carlos E. R. wrote:
On Monday, 2013-04-29 at 09:04 +0200, Bernhard Voelker wrote:
El 2013-04-29 a las 09:04 +0200, Bernhard Voelker escribió:
On April 25, 2013 at 5:47 PM Paul Groves <> wrote: I would like to look at using SFTP buy cannot get my head around SSL on open SUSE.
If I am correct, I believe that creating certificates and keys can be done using yast2-ca-management but I have been unsuccessful in doing so. I want to be able to use SSL with FTP and Apache. Has anyone experience with this?
Hi Paul,
SFTP has nothing to do with Apache; it is handled by the SSH daemon. It should work out of the box (when sshd is running) with the user's normal passwords, or with the SSH key files if set up. $ man ssh; man sshd; man sshd_config
Yes, but vsftpd also has ssl configuration.
Yeah, but this is apparently referred to as FTPS.
However, the name is still "ftp", so it is not that simple to know if you are using a secured connection or not, or to enforce it.
There is a setting in vsftpd.conf that will enforce it. I'm still curious about the level of level of client support - Firefox supports/recognises sftp://, but I haven't tested it. -- Per Jessen, Zürich (12.6°C) http://www.dns24.ch/ - free DNS hosting, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday, 2013-04-29 at 18:15 +0200, Per Jessen wrote:
Carlos E. R. wrote:
Yes, but vsftpd also has ssl configuration.
Yeah, but this is apparently referred to as FTPS.
Ah, right, that's the name.
However, the name is still "ftp", so it is not that simple to know if you are using a secured connection or not, or to enforce it.
There is a setting in vsftpd.conf that will enforce it.
I have not tried to use it myself. I know that it exists, but that's it. I should have a go one day.
I'm still curious about the level of level of client support - Firefox supports/recognises sftp://, but I haven't tested it.
Indeed. The manual page of my ftp client doesn't mention ssl. It is "lftp". Huh, no, it is "lukemftp", the man for lftp does mention ssl. - -- Cheers, Carlos E. R. (from 12.1 x86_64 "Asparagus" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) iEYEARECAAYFAlF+ntIACgkQtTMYHG2NR9Ub2gCfbHX8m9tKwroSdSYzyDRSTeab Q70An3Vq7R2mX5EtGUbHueQub3kk/Hu+ =v1d1 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 04/24/2013 09:15 PM, Paul Groves wrote:
I did try that at first but didn't manage to work out how. The home directory would be ok to use as the users only log on via FTP.
How have you configured this?
Paul Groves
On 24 Apr 2013, at 19:37, "Per Jessen" <per@computer.org> wrote:
Paul Groves wrote:
Hi all,
I have been trying to set up an ftp server using vsftpd. I am trying to set it up so that each user has their own ftp folder and when they log in they access only this folder by default. I have such a setup, but I use the home directory as the default.
-- Per Jessen, Zürich (16.7°C) http://www.dns24.ch/ - free DNS hosting, made in Switzerland.
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
N�����r��y隊Z)z{.�ﮞ˛���m�)z{.��+�: �{Zr�az�'z��j)h���Ǿ� ޮ�^�ˬz�
Hi Paul, It sounds like you would want to setup vsftp with virtual users since the users don't have to be system users. It's a bit of work, but not too difficult. There's a good description here (BTW, it also explains ssl with ftp): http://ubuntuforums.org/showthread.php?t=518293 Not sure, but you may need to subcribe or become member of the forum first before you can read this. The description is for Ubuntu, and I set it up for one of my company's customers on Red Hat without any problems. Should work for SUSE too. regards, Marcel -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (6)
-
Bernhard Voelker -
Carlos E. R. -
Marcel Broekman -
Paul Groves -
Per Jessen -
Ritchie Fraser