mark17
We are trying to make 'FTP over SSL Explicit' connections to a Red Hat RHEL 5.2 server running a vsftpd service. We have been able to make 'Normal FTP' and 'FTP over SSL Explicit' connections.
The problem arises when we try to limit the FTP client's access to the user's initial login directory. We are trying to provide limited access to an FTP directory tree in the username's home directory (in this case: /var/ftp/user).
Currently, once either the 'Normal FTP' or the 'FTP over SSL Explicit' is connected, the SmartFTP interface (and vsftpd server) allows the client free access to the entire server directory.
We want to allow access to just the user directory and subdirectories. We have tried setting the vsftpd server up to lock the ftp client into their home directory. We think this is done by configuring "chroot_local_user=NO" in the vsftpd.config file. When we do this, FTP client access is indeed restricted.
Unfortunately, SmartFTP 3.0 appears to be boloxed because it can't get to /var/ftp/user upon initial connection. The error generated is: "550 Failed to change directory". See below:
[14:23:11] SmartFTP v3.0.1023.4
[14:23:12] Resolving host name "xx.xx.xxx.xxx"
[14:23:12] Connecting to xx.xx.xxx.xxx Port: 21
[14:23:14] Connected to xx.xx.xxx.xxx.
[14:23:15] 220 Welcome to Our Secure SFTP Server.
[14:23:15] AUTH TLS
[14:23:16] 234 Proceed with negotiation.
[14:23:16] Connected. Exchanging encryption keys...
[14:23:18] Session Cipher: 168 bit 3DES
[14:23:18] TLS encrypted session established.
[14:23:18] PBSZ 0
[14:23:19] 200 PBSZ set to 0.
[14:23:19] USER user
[14:23:20] 331 Please specify the password.
[14:23:20] PASS (hidden)
[14:23:22] 230 Login successful.
[14:23:22] SYST
[14:23:23] 215 UNIX Type: L8
[14:23:23] Detected Server Type: UNIX
[14:23:23] FEAT
[14:23:23] 211-Features:
[14:23:23] AUTH SSL
[14:23:23] AUTH TLS
[14:23:23] EPRT
[14:23:23] EPSV
[14:23:23] MDTM
[14:23:23] PASV
[14:23:24] PBSZ
[14:23:24] PROT
[14:23:24] REST STREAM
[14:23:24] SIZE
[14:23:24] TVFS
[14:23:24] 211 End
[14:23:24] PWD
[14:23:24] 257 "/"
[14:23:24] CWD /var/ftp/user
[14:23:25] 550 Failed to change directory.
[14:23:25] CWD /var/ftp
[14:23:25] 550 Failed to change directory.
Again, everything is all set if we do not try to limit the FTP client's access to the server's directory tree. Do you have any suggestions?
Any help is appreciated.
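The two rejected CWD commands at the end of the log can be reproduced offline. This is an added example, not part of the original post: it assumes the session is jailed to /var/ftp/user (the home directory named in the post, consistent with the `257 "/"` reply), and it shows which real server path each rejected CWD would resolve to. The function names and the log excerpt are constructed for illustration.

```python
import posixpath
import re

# Constructed excerpt: the last six lines of the session log in the post.
SAMPLE_LOG = """\
[14:23:24] PWD
[14:23:24] 257 "/"
[14:23:24] CWD /var/ftp/user
[14:23:25] 550 Failed to change directory.
[14:23:25] CWD /var/ftp
[14:23:25] 550 Failed to change directory.
"""
LINE = re.compile(r"^\[\d\d:\d\d:\d\d\] (.*)$")


def jail_to_real(jail_root, cwd, requested):
    """Real server path a jailed session reaches for a client-supplied path.

    Inside a chroot, "/" is the jail root and ".." at the top stays at the
    top, so the result never leaves jail_root (assumed jail root, see above).
    """
    virtual = posixpath.normpath(posixpath.join("/", cwd, requested))
    return posixpath.normpath(jail_root + "/" + virtual.lstrip("/"))


def failed_cwds(log_text):
    """Return (pwd, paths whose CWD was answered with 550) from the log."""
    pwd, pending, failed = "/", None, []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        text = m.group(1)
        if text.startswith("CWD "):
            pending = text[4:]
        elif text.startswith("257 ") and '"' in text:
            pwd = text.split('"')[1]
        elif text.startswith("550 ") and pending is not None:
            failed.append(pending)
            pending = None
        elif text[:3].isdigit():
            pending = None  # any other reply closes the pending CWD
    return pwd, failed


def diagnose(log_text, jail_root):
    """Pair each rejected CWD with the real path the jailed server checked."""
    pwd, failed = failed_cwds(log_text)
    return [(path, jail_to_real(jail_root, pwd, path)) for path in failed]
```

Under that assumption the server looks for /var/ftp/user/var/ftp/user, which does not exist, so a jailed login would need "/" (or a path relative to it) as the client's initial directory.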