Re: 2 more questions on VSFTP setup

[Bob McClure Jr <robertmcclure earthlink net>]

On Sun, Jun 01, 2003 at 08:31:40PM -0700, Young Yuen wrote:
> after initial setup I have following problems
> 
> 1) ftp on local machine is ok, but from any other
> machine on LAN is refused. ping to/from other machines
> is ok.

As root, do the following

  service vsftpd status

If you get

vsftpd is stopped

then

  service vsftpd start
  chkconfig vsftpd on

The first command starts it right now.  The second assures it will
start at the next boot.

But if it was already running, make sure you have allowed ftp in
through your firewall.  See also

http://www.rhil.net/docs/faq.html#firewall
http://www.rhil.net/docs/faq.html#connecting

> 2) ftp users are allowed to chdir to upper (parrent)
> directories. Is there a way to disallow that?

Yes.  In /etc/vsftpd/vsftpd.conf, find the lines

# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list

If you want to restrict a few, make the /etc/vsftpd.chroot_list file,
containing the userids of those to be restricted.  If you want to
restrict everyone, or all but a few, remove the "#" from the
chroot_list_enable line.

After you've made your changes,

  service vsftpd reload

> Thanks in advance.
> Young

Cheers,
-- 
Bob McClure, Jr.             Bobcat Open Systems, Inc.
robertmcclure earthlink net  http://www.cumbytel.com/~bobcatos/
"In theory, practice and theory are the same, but in practice they are 
 different." - Larry McVoy