On Mon, Feb 28, 2011 at 05:53:34PM +0200, Eero Volotinen wrote:
> 2011/2/28 Yang Yang :
> > hi,i have a question want to ask
> >
> > if i add a user like:
> >
> > useradd test
> > groupadd test -g www
> >
> > and how to control user test only can see and write only folder(like
> > /home/htdocs/test
On 03/01/2011 11:53 PM, Nico Kadel-Garcia wrote:
> On Mon, Feb 28, 2011 at 10:53 AM, Eero Volotinen
> wrote:
>> 2011/2/28 Yang Yang:
>>> hi,i have a question want to ask
>>>
>>> if i add a user like:
>>>
>>> useradd test
>>> groupadd test -g www
>>>
>>> and how to control user test only can see
On Tue, Mar 01, 2011 at 08:16:52PM -0500, Nico Kadel-Garcia wrote:
> > 2011/3/1 Stephen Harris :
> >> OpenSSH5 requires nothing inside the jail area for chroot sftp; that's
> >> why it's "sftp-internal".
> They got that ***working***? I thought Theo had sworn that chroot
> cages would never be sup
On Tue, Mar 1, 2011 at 10:16 PM, Barry Brimer wrote:
>> On 03/01/11 6:38 PM, Barry Brimer wrote:
>>> It is possible to instruct the FTPS client to keep the control channel in
>>> the
>>> clear so that firewalls that need to adjust to the ports being used can
>>> listen
>>> in on the conversation
> On 03/01/11 6:38 PM, Barry Brimer wrote:
>> It is possible to instruct the FTPS client to keep the control channel in the
>> clear so that firewalls that need to adjust to the ports being used can
>> listen
>> in on the conversation. The FTPS server has to agree to allow this to
>> happen.
>
>
On 03/01/11 6:38 PM, Barry Brimer wrote:
> It is possible to instruct the FTPS client to keep the control channel in the
> clear so that firewalls that need to adjust to the ports being used can listen
> in on the conversation. The FTPS server has to agree to allow this to happen.
aren't usernam
> > and, worse, since the control channel is encrypted, this can't be done
> > via a port monitor that sniffs and modifies 'port' commands, so this
> > causes problems at BOTH ends of a NAT
>
> Could it be that the iptables ftp conntrack and nat modules do not
> work with ftps because of this?
On 03/01/11 6:10 PM, Markus Falb wrote:
>> and, worse, since the control channel is encrypted, this can't be done
>> > via a port monitor that sniffs and modifies 'port' commands, so this
>> > causes problems at BOTH ends of a NAT
> Could it be that the iptables ftp conntrack and nat modules does
On 2.3.2011 03:00, John R Pierce wrote:
> On 03/01/11 5:55 PM, Markus Falb wrote:
>> On 2.3.2011 02:15, Nico Kadel-Garcia wrote:
>>
>>> I know FTP can be a nightmare: I thought FTPS had pretty much
>>> addressed the separate data and control channel issues, or am I
>>> profoundly mistaken?
>> Runni
On 03/01/11 5:55 PM, Markus Falb wrote:
> On 2.3.2011 02:15, Nico Kadel-Garcia wrote:
>
>> I know FTP can be a nightmare: I thought FTPS had pretty much
>> addressed the separate data and control channel issues, or am I
>> profoundly mistaken?
> Running ftp over ssl is not changing the ftp protocol
On 2.3.2011 02:15, Nico Kadel-Garcia wrote:
> I know FTP can be a nightmare: I thought FTPS had pretty much
> addressed the separate data and control channel issues, or am I
> profoundly mistaken?
Running ftp over ssl is not changing the ftp protocol. SSL or not, there
are the same "open up a bun
> I got vsftpd and httpd/mod_dav playing together well some years back,
> for someone who *insisted* on retaining FTP access for certain uses.
> It was a fascinating adventure to get them to play nicely.
I cannot recommend proftpd for anyone, due to its poor security track..
--
Eero
On Tue, Mar 1, 2011 at 9:20 AM, Eero Volotinen wrote:
> 2011/3/1 Stephen Harris :
>> On Tue, Mar 01, 2011 at 07:53:21AM -0500, Nico Kadel-Garcia wrote:
>>> No, sftp is actually supported, somewhat, in OpenSSH 5 for this to
>>> work well, which is not in CentOS 5, and integrating it to CentOS 5 is
On Tue, Mar 1, 2011 at 7:58 AM, Ray Van Dolson wrote:
> On Tue, Mar 01, 2011 at 07:53:21AM -0500, Nico Kadel-Garcia wrote:
>> On Mon, Feb 28, 2011 at 10:53 AM, Eero Volotinen
>> wrote:
>> > 2011/2/28 Yang Yang :
>> >> hi,i have a question want to ask
>> >>
>> >> if i add a user like:
>> >>
>> >>
On 2/03/2011, at 3:20 AM, Eero Volotinen wrote:
> Is it possible to only chroot some users, not all.
Yes, you can use a Match block -- see sshd_config(5) -- to conditionally
set the ChrootDirectory option.
Cheers,
Cameron
___
CentOS mailing list
C
2011/3/1 Stephen Harris :
> On Tue, Mar 01, 2011 at 07:53:21AM -0500, Nico Kadel-Garcia wrote:
>> No, sftp is actually supported, somewhat, in OpenSSH 5 for this to
>> work well, which is not in CentOS 5, and integrating it to CentOS 5 is
>> problematic. It's also awkward to maintain, the chroot ca
On Tue, Mar 01, 2011 at 07:53:21AM -0500, Nico Kadel-Garcia wrote:
> No, sftp is actually supported, somewhat, in OpenSSH 5 for this to
> work well, which is not in CentOS 5, and integrating it to CentOS 5 is
> problematic. It's also awkward to maintain, the chroot cages require
> the relevant bina
On 1.3.2011 13:53, Nico Kadel-Garcia wrote:
> On Mon, Feb 28, 2011 at 10:53 AM, Eero Volotinen
> wrote:
>> scponly chrooted is the easiest way.
>
> No, sftp is actually supported, somewhat, in OpenSSH 5 for this to
> work well, which is not in CentOS 5, and integrating it to CentOS 5 is
> probl
Ray Van Dolson wrote:
>
> ProFTPD may be a good option as well. It should have a mod_sftp module
> which theoretically could be used in tandem with ProFTPD's native
> chroot'ing stuff. Never tried it though.
I have - works well. You get all the fine-grain configuration options
that ProFTPD has
On Tue, Mar 01, 2011 at 07:53:21AM -0500, Nico Kadel-Garcia wrote:
> On Mon, Feb 28, 2011 at 10:53 AM, Eero Volotinen
> wrote:
> > 2011/2/28 Yang Yang :
> >> hi,i have a question want to ask
> >>
> >> if i add a user like:
> >>
> >> useradd test
> >> groupadd test -g www
> >>
> >> and how to cont
On Mon, Feb 28, 2011 at 10:53 AM, Eero Volotinen wrote:
> 2011/2/28 Yang Yang :
>> hi,i have a question want to ask
>>
>> if i add a user like:
>>
>> useradd test
>> groupadd test -g www
>>
>> and how to control user test only can see and write only folder(like
>> /home/htdocs/test,he can not see
2011/2/28 Yang Yang :
> hi,i have a question want to ask
>
> if i add a user like:
>
> useradd test
> groupadd test -g www
>
> and how to control user test only can see and write only folder(like
> /home/htdocs/test,he can not see /home/htdocs or other folder)
for example using chrooted scponly or
Hi, I have a question I want to ask.
If I add a user like:
useradd test
groupadd test -g www
how do I control user test so that he can only see and write to one folder (like
/home/htdocs/test; he cannot see /home/htdocs or other folders)?
Thanks very much