
Restrict users view to FTP assigned folder rights


atkinsom

Senior Member
I'm using the latest Merlin firmware. I've set up the router's built-in FTP server on my AC66U and everything works correctly with respect to user access to folders. However, I was wondering if there's a way where, based upon login, the user gets taken to their home/assigned folders directly and thus does not see all the other folders on the FTP server. I don't want users clicking every visible folder and getting an "access is denied" until they get to the right one. Thanks for any insights.
 
Seems to be working fine for me.

I'm assuming you're not using "Allow anonymous login", in which case selecting a particular user and folder and then setting its permissions to "No" makes it invisible for that user.
 
No anonymous login allowed on the ftp server....it's weird because every folder is set to no except for one folder for 1 user. I'll try disabling guest login allowed on samba shares to see if it changes anything on the ftp side...
 
Well, I tried fiddling with Samba shares as well just in case, but nothing changes. All FTP folders are visible when the user logs in; however, he can only access the one assigned folder. See the screenshots below illustrating my points. Oh well, I'll live with it if I have to, but would love to know why.
 

Attachments: Capture1.JPG, Capture2.JPG
Just wondering if it's been this way all along or something changed with the latest firmware. I only just started using FTP on the router itself and don't want to go backwards with firmware if the issue has been there all along...thanks for any responses.
 
FTP servers don't hide inaccessible folders AFAIK.

The closest you could get assuming you are using multiple users would be to chroot each user into his own home directory. According to the vsftpd documentation, this is achieved by adding this to the config file:

Code:
chroot_local_user=YES

You would of course also need to have valid home directories defined for all these users.
 
Looks like Asus is already enabling chroot_local_user in the vsftpd configuration.
 
Anyone know a quick way to restart the FTP daemon on the Asus router after you've made a change to the VSFTPD conf file short of rebooting? thanks
 
ok I'm going crazy here...every time I add a new entry to the vsftpd.conf file it saves correctly...I restart the service and any changes I've made are gone...any ideas. See below for the entry I'm trying to add into the conf file to restrict users to their home directory. Thanks

chroot_list_file=/etc/vsftpd.chroot_list
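
An added example, not part of the thread or of the firmware: in stock vsftpd, `chroot_list_file` only takes effect when `chroot_list_enable=YES`, and with `chroot_local_user=YES` the file names the users who are exempt from the jail rather than the ones confined to it. The script below resolves that decision for one user. The function names and sample users are made up here, and it assumes the router's vsftpd build keeps the stock option semantics.

```sh
#!/bin/sh
# Added example (not from the thread): work out whether vsftpd would chroot a
# given local user, from the chroot_* options in a vsftpd.conf.

# Print 1 if the last KEY=value line in CONF is YES/TRUE/1, else 0.
# DEFAULT is used when KEY is absent (vsftpd defaults both options to NO).
conf_bool() {  # conf_bool CONF KEY DEFAULT
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr 'a-z' 'A-Z')
    case "${v:-$3}" in YES|TRUE|1) echo 1 ;; *) echo 0 ;; esac
}

# Print "jailed", "not-jailed" or "unknown" for USER under CONF.
chroot_policy() {  # chroot_policy CONF USER
    all=$(conf_bool "$1" chroot_local_user NO)
    use_list=$(conf_bool "$1" chroot_list_enable NO)
    list=$(sed -n 's/^chroot_list_file=//p' "$1" | tail -n 1)
    list=${list:-/etc/vsftpd.chroot_list}   # vsftpd's default path

    listed=0
    if [ "$use_list" = 1 ]; then
        # Without a readable list file this script cannot decide.
        [ -r "$list" ] || { echo unknown; return 0; }
        if grep -qxF "$2" "$list"; then listed=1; fi
    fi
    # The list is an exception list: with chroot_local_user=YES it names the
    # users who are NOT jailed; with NO it names the only users who are.
    if [ "$all" != "$listed" ]; then echo jailed; else echo not-jailed; fi
}

# Constructed sample: chroot_local_user=YES plus the list file option from
# the post, with chroot_list_enable turned on so the list takes effect.
demo() {
    d=$(mktemp -d)
    printf '%s\n' alice > "$d/chroot_list"
    printf '%s\n' 'chroot_local_user=YES' 'chroot_list_enable=YES' \
        "chroot_list_file=$d/chroot_list" > "$d/vsftpd.conf"
    echo "alice: $(chroot_policy "$d/vsftpd.conf" alice)"   # listed, so exempt
    echo "bob:   $(chroot_policy "$d/vsftpd.conf" bob)"
    rm -rf "$d"
}
demo
```

Run against the generated `/etc/vsftpd.conf` after a service restart, it shows whether an added list option changed who is confined.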
 
Yes that's right. Annoying isn't it. It's because "service restart_ftpd" runs the ASUS scripts that recreate the vsftpd.conf file.

You have 2 options:

1) Find the PID of the vsftpd process. "kill -9" it and then "vsftpd /etc/vsftpd.conf &"
or
2) Probably the way it's meant to be done. Create a script called /jffs/scripts/vsftpd.postconf similar to this:
Code:
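#!/bin/sh

# Log that the postconf hook ran and which config file it was given
logger -t "$(basename "$0")" "$1"

CONFIG=$1
# Merlin helper that provides pc_append / pc_replace
source /usr/sbin/helper.sh

# Enable transfer logging in the regenerated vsftpd.conf
pc_append  "xferlog_file=/tmp/xfer.log" "$CONFIG"
pc_replace "xferlog_enable=NO" "xferlog_enable=YES" "$CONFIG"
pc_replace "syslog_enable=NO"  "syslog_enable=YES"  "$CONFIG"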
Then use "service restart_ftpd"
 
I'm still having this problem with the FTP users seeing all the directories on the USB drive, even though chroot_local_user is set to YES in the /etc/vsftpd.conf file (it was enabled from the beginning). Is there another setting that controls that?

L.E. It seems I just can't define the home directory, every time I use the "usermod -d" command, my server just doesn't start. Maybe I'm not defining the path correctly? I tried directly to the drive (/sda2/user_folder/) and with /tmp/mnt in front, nothing works...
 
Same issue here. I created a custom /jffs/configs/vsftpd.conf file. It is mostly the same as the original one generated by the firmware in the etc folder; I just added
Code:
local_root=/mnt/USB_DISK/www/$USER/
user_sub_token=$USER
When I connect with the Windows FTP client, it connects and sets the initial folder location as in the config, but I can change dir below it. The Android Total Commander FTP client doesn't respect that and goes to the root of the USB.

I checked the /etc/passwd file with users, and all users added do not have user root set. To set each user's root folder I created a passwd.postconf script to replace each user definition, but after a reboot the passwd file was unchanged. I even tried pc_insert and that also didn't work. I made sure that the script has the X privilege to get executed, and the system log also indicated that the postconf script launched. :(

Can anyone suggest how to change user home directory to test if that resolves original vsftpd issue?
Thanks
 
I don't think it's possible with the built-in FTP server because of the way Asus have modified it. You could install entware-ng and then another FTP server, like proFTPD or PureFTPd (or even a "normal" version of vsftpd). But then you wouldn't be able to manage it through the web interface.
 
Hi,

I decided to write in this topic.

I have a USB drive mounted and FTP running.
After entering through FTP I can see the contents of my pendrive, i.e. /USB/DATA/FILES

Is it possible to do this in Merlin so that the user, on entering FTP, immediately sees the content available under /FILES, and not /USB/DATA/FILES as before?

Like it works in Tomato.

thanks and regards
mpl
 
