
I have a vsftpd installation with chroot enabled and root access disabled. Everything works flawlessly, but I need to accomplish this.

When user1 logs into FTPS, it logs in to /home/user1. Same for user2, user3 and so on. I want to have user1_viewer, which logs into FTPS but is chrooted in /home/user1 (and NOT /home/user1_viewer) automatically, with read-only privileges.

Is this possible?

Workarounds accepted :)

1 Answer


Change the home folder for user1_viewer to /home/user1.

usermod -d /home/user1 user1_viewer

So long as you have the permissions set right and ownership of the file is on user1 and not user1_viewer (which should already be set) you don't have to worry about user1_viewer modifying anything in the folder.

Yay! It worked! Needs to be executable... So the right answer, mixing your answers and tips, is: "usermod -d /home/user1 user1_viewer" and then "setfacl -R -m u:user1_viewer:rx /home/user1". Thanks a lot guys! malan, maybe you can update your answer including @DanilaLadner's tip!

--Per Asker

mas
  • That should work since each user's jail is derived from their home directory string in /etc/passwd. – Danila Ladner May 03 '18 at 12:20
  • Uhm, the output here is: "OOPS: cannot change directory:/home/user1" (WinSCP), with ownership set to user1 as you said. So it reads user2's home correctly but cannot cd there... – Wyatt Gillette May 03 '18 at 12:23
  • Did you sudo? I forgot to include that in the command: https://unix.stackexchange.com/questions/259791/how-to-change-the-home-directory-of-the-currently-logged-in-user – mas May 03 '18 at 12:28
  • Yes, I used sudo (I'm root), and the command executes correctly... it's the FTP client that gives me that output. The home is correctly changed, but with FTP I can't connect due to that output. – Wyatt Gillette May 03 '18 at 12:32
  • You would need to set up ACLs for user1_viewer to have read access to the home dir of user1. – Danila Ladner May 03 '18 at 12:32
  • Why couldn't you just make the permissions for the folder 755? As long as other is set to read and execute it shouldn't be a problem. Wyatt: what directory is showing when you WinSCP in as user2? – mas May 03 '18 at 12:45
  • Because you will break SSH with 755 on the home directory. – Danila Ladner May 03 '18 at 12:48
  • With permission 755 the same error shows up... When I WinSCP in as user2, after doing usermod as shown by you, "OOPS: cannot change directory:/home/user1" appears. @DanilaLadner I did setfacl -m u:user2:r /home/user1 but the same error appears. – Wyatt Gillette May 03 '18 at 12:49
  • It also needs to be executable; also check SELinux, please. – Danila Ladner May 03 '18 at 12:54
  • Yay! It worked! Needs to be executable... So the right answer, mixing your answers and tips, is: "usermod -d /home/user1 user1_viewer" and then "setfacl -R -m u:user1_viewer:rx /home/user1". Thanks a lot guys! malan, maybe you can update your answer including @DanilaLadner's tip! – Wyatt Gillette May 03 '18 at 13:00
  • This is starting to get over my head, Danila seems to know what he's talking about and I'd rely on him now, but this might help: https://nurikabe.blog/2009/06/15/defeating-vsftp-error-500-oops-cannot-change-directorysomedirectory/ It references SELinux being the cause of that problem, just like Danila says. – mas May 03 '18 at 13:01
  • Read my last comment carefully: the problem was in the ACLs, and now it's solved and working like a charm ^_^ Thanks to you both! – Wyatt Gillette May 03 '18 at 13:06
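
A diagnostic for the r-versus-rx problem resolved in the comments above, as an added example that is not part of the original thread: it reads `getfacl` output and reports whether user1_viewer's effective rights let vsftpd enter and list /home/user1. The function names and the sample ACL text are constructed for illustration.

```sh
#!/bin/sh
# Added example: check `getfacl` text for the viewer's effective rights.
# vsftpd must chdir() into the home, so the named-user entry needs x (and r
# to list), and the ACL mask must not strip those bits.

acl_effective() {   # $1 = user name, getfacl output on stdin -> e.g. "r-x"
    awk -F: -v u="$1" '
        /^#/ || /^default:/     { next }   # header lines, default ACL entries
        $1 == "user" && $2 == u { perm = substr($3, 1, 3); found = 1 }
        $1 == "mask"            { mask = substr($3, 1, 3); has_mask = 1 }
        END {
            if (!found) exit 2             # no named entry for this user
            out = ""
            for (i = 1; i <= 3; i++) {
                p = substr(perm, i, 1)
                m = has_mask ? substr(mask, i, 1) : p
                out = out ((p != "-" && m != "-") ? p : "-")
            }
            print out
        }'
}

can_enter_and_list() {   # 0 = r and x effective, 1 = missing bit, 2 = no entry
    eff=$(acl_effective "$1") || return 2
    case "$eff" in r?x) return 0 ;; *) return 1 ;; esac
}

# Constructed getfacl output for /home/user1 in three states.
acl_r_only() { printf '%s\n' '# file: home/user1' 'user::rwx' \
    'user:user1_viewer:r--' 'group::---' 'mask::r--' 'other::---'; }
acl_rx()     { printf '%s\n' '# file: home/user1' 'user::rwx' \
    'user:user1_viewer:r-x' 'group::---' 'mask::r-x' 'other::---'; }
# A later `chmod 700` rewrites the mask and silently disables the entry.
acl_masked() { printf '%s\n' '# file: home/user1' 'user::rwx' \
    'user:user1_viewer:r-x' 'group::---' 'mask::---' 'other::---'; }

for state in acl_r_only acl_rx acl_masked; do
    if "$state" | can_enter_and_list user1_viewer; then verdict=ok
    else verdict='cannot change directory'; fi
    echo "$state: $("$state" | acl_effective user1_viewer) -> $verdict"
done
```

On a live system, pipe `getfacl /home/user1` into `can_enter_and_list user1_viewer` after running the two commands from the thread.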