vsftpd question(s)

xyle_one
programmer
Posts: 129
Joined: Mon Jan 13, 2003 1:02 pm

Post by xyle_one »

I have vsftpd set up and all the users are chrooted to their home directories. Now, when I type in my browser or FTP client ftp://user@domain and put the password in, it works. Great. That is perfect. But I have 3 sites, 3 users. When I type ftp://user1@domain2 and use user one's password it takes me to user1's directory. Can I set it up so that I can't even log in if the domain doesn't belong to the user? It is sorta weird that I can use any domain I host to log in. I would like it so that is not the case. If I want to log into user1's directory I only want to be able to do so by using ftp://user1@domain1. I mean, it works fine the way it is, it just seems kind of strange that it is working the way it is. Any thoughts?? Thanks :)

X11
guru
Posts: 676
Joined: Sun Jan 19, 2003 11:09 pm
Location: Australia

Post by X11 »

Why do you need 3 different domains? And otherwise I'm not sure.

xyle_one
programmer
Posts: 129
Joined: Mon Jan 13, 2003 1:02 pm

Post by xyle_one »

X11 wrote: Why do you need 3 different domains? And otherwise I'm not sure.
Um. I am hosting 2 sites for some friends and one for me. Maybe domain was the wrong word? So I have three different sites & three different users.

Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main »

Hmmm, not sure why you would want to do that as the users can get to the stuff they need via their own domain name. Having said that there does appear to be a way you can do this although not directly by setting something in the vsftpd.conf file. I believe it also may mean multiple IP addresses on the same machine and I don't know that you want to go that far. ProFTPD is a lot more configurable but I'm not sure that it can do it either.

The reason you can't really do name based virtual hosts with FTP like you can with a web server is because the client for a web server (usually a browser) gives up certain information, like what URL it used to get to where it got. FTP clients are not as smart as browsers and do not send this type of information to the FTP server process (well a browser could but it is more likely that a regular FTP client would be used). Again, there may be a way to do it, but not that I am aware of. The only way I can think of is if you use multiple IP addresses and point your different domain names to separate IPs.
Last edited by Void Main on Fri Jul 04, 2003 7:13 am, edited 1 time in total.

xyle_one
programmer
Posts: 129
Joined: Mon Jan 13, 2003 1:02 pm

Post by xyle_one »

Okay, sounds good. It just seemed odd that I could log in with any domain and still get to my user. Seems odd. But it is bearable and I have learned something :)
I don't even have a static IP address, I am using no-ip.com's service (which, thankfully, seems to have gotten its act together and hasn't gone down in a while ;) ) to point to my server...

Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main »

All of your domains point to the same IP address right? All of your IDs are on the same server behind that IP address so they surely could get to any of the IDs on the server. When you connect to a machine with FTP (or any other TCP based client) by name it first resolves the name to an IP address and then connects to the server via the IP address. The names are really only to keep us humans from losing our minds, they don't really mean a lot to TCP/IP based applications.

It's much like the phone system. When you dial up your friend on the telephone you have to dial his phone number and not his name, right? Sure, you may have a phone dialer program on your computer or PDA where you just click on his name and it dials your friend's number, but it ultimately dials his number and not his name. When you dial your friend's phone number you actually have access to anyone in the house, not just your friend. Several people may live at the house and they (Dave, Jane, Bill, and Joe) could all have their names in the phone book but they would all be using the same phone number.

The Apache web server is a rare magical service that can detect what name you used in your browser and dish out content based on which name you used. That would be much like having callerID that can tell which entry in the phone book you used to call your friend. You might have been trying to call your friend's wife and found her name in the phone book. The callerID would display that the call was for your friend's mom and not your friend. Apache is the only service I know of that can do this. And it can only do it because the browser and the server service are programmed to exchange this information after the initial connection is made. The FTP service could be rewritten to also exchange this information but then the client would also have to be rewritten and it just wouldn't work if you used an existing FTP client as this behaviour is not currently built in to FTP.

On the other hand each of your friends who live in the same house could have their own phone number much like a server can have multiple IP addresses and you can tie certain services to specific IP addresses on that server. The only way I can see how you could tailor an FTP server to a specific domain would be to set up multiple IP addresses on your server and do IP based virtual hosts. Then you could have a separate FTP configuration for each IP address but it would take some xinetd tricks to do it if you want to use vsftpd for this. Again, I don't really see the point in doing this.
Last edited by Void Main on Fri Jul 04, 2003 7:45 am, edited 1 time in total.
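
An added example, not part of Void Main's post and not taken from the vsftpd project's own files: one way the IP-based setup he describes could look, with one xinetd entry and one vsftpd config per site. The addresses (192.0.2.x documentation range), the file names and the /usr/sbin/vsftpd path are assumptions; `id`, `bind`, `userlist_enable`, `userlist_deny` and `userlist_file` are existing xinetd and vsftpd options.

```conf
# ---- /etc/xinetd.d/vsftpd-site1 (hypothetical file name) ----
# One xinetd entry per site. "bind" makes this entry answer only on the
# address that domain1 resolves to; "id" must be unique because every
# entry uses the same service name "ftp".
service ftp
{
    id           = ftp-site1
    bind         = 192.0.2.11
    socket_type  = stream
    protocol     = tcp
    wait         = no
    user         = root
    server       = /usr/sbin/vsftpd
    server_args  = /etc/vsftpd/site1.conf
    disable      = no
}

# ---- /etc/vsftpd/site1.conf (hypothetical file name) ----
# vsftpd is started by xinetd, so it must not listen on its own.
listen=NO
anonymous_enable=NO
local_enable=YES
write_enable=YES
# Keep the existing behaviour: every local user is jailed in their home.
chroot_local_user=YES
# With userlist_deny=NO the user list becomes an allow-list: only the
# names in userlist_file may log in on this address, everyone else is
# refused before being asked for a password.
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd/site1.users

# ---- /etc/vsftpd/site1.users (hypothetical file name) ----
user1

# Repeat all three files for the other sites, changing only the id,
# the bind address (e.g. 192.0.2.12 for domain2), the config path and
# the user name in the allow-list (user2, user3).
```

Each domain's DNS record then has to point at its own address, so this layout needs one routable IP per site.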

xyle_one
programmer
Posts: 129
Joined: Mon Jan 13, 2003 1:02 pm

Post by xyle_one »

Void Main wrote: All of your domains point to the same IP address right? All of your IDs are on the same server behind that IP address so they surely could get to any of the IDs on the server. When you connect to a machine with FTP (or any other TCP based client) by name it first resolves the name to an IP address and then connects to the server via the IP address. The names are really only to keep us humans from losing our minds, they don't really mean a lot to TCP/IP based applications.

It's much like the phone system. When you dial up your friend you have to dial his phone number and not his name right? When you dial his phone number you actually have access to anyone in the house, not just your friend. Several people may live at the house and they (Dave, Jane, Bill, and Joe) could all have their names in the phone book but all using the same phone number.
Ah, very good way to put it. I understand now.
