Solved

Restricting ftp access

Posted on 1997-11-01
Last Modified: 2010-03-18
Hi!
I'm running Linux redhat 4.2 (2.0.30) with wu-2.4.2 BETA-15.
What I would like to do is to restrict the users' access to
their home dirs only. They should not be able to browse the
entire filesystem. Is there any way to do this?
I have tried setting the homedir in /etc/passwd to:
"/home/user/./" but they can still access
other directories.
Question by:frosty_aw
3 Comments
 

Expert Comment

by:df020797
ID: 1586784
This can be achieved by chrooting them when they enter their account via ftp. This has been described for wu.ftpd in an HTML document, but I forgot the URL :-/ Try Altavista, I KNOW there is a description or HOWTO for it.

Expert Comment

by:jetx
ID: 1586785
Why not try setting the other directory to suid root :)



Accepted Solution

by:
unicorntech earned 50 total points
ID: 1586786
I would do this by setting the home dir to whatever you want, e.g. /home/username, and making the /home dir not readable or writeable for any user other than root. Then I would make sure the individual user dir was readable and writeable for that user only.
If this is not suitable then from the man page:
FTPD authenticates user based on 5 rules:

5. If the user name appears in the file /etc/ftpchroot, or the user is a member of a group with a group entry in this file,
to the user's login directory by chroot(2) as for an ``anonymous'' or ``ftp'' account (see next item). This facility may also be triggered by enabling the boolean "ftp-chroot" capability in login.conf(5). However, the user must still supply a password. This feature is intended as a compromise between a fully anonymous account and a fully privileged account. The account should also be set up as for an anonymous account.

See the man pages on ftpd and on ftp-chroot for more info.

Hope this helps,

Jason        
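An added example, not part of the original thread: a small audit of the layout the accepted answer describes (parent directory not listable by others, each home private to its owner, each account listed in the chroot file). Assumptions: GNU stat, home directories named after their accounts, one user name per line in the list file (group entries are not evaluated), and modes 711/700 as one way to meet the description; the function names and sample accounts are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit the layout the accepted answer describes.
# Assumptions: GNU stat; each home directory is named after its account;
# the chroot list holds one user name per line (group entries are not evaluated).

# audit_ftp_homes HOME_BASE CHROOT_LIST -> one finding per line, status 1 if any
audit_ftp_homes() {
    base=$1; list=$2; rc=0
    # Parent directory: no read or write bits for group/other (e.g. mode 711).
    mode=$(stat -c %a "$base") || return 2
    if [ $(( 0$mode & 066 )) -ne 0 ]; then
        echo "PARENT_LISTABLE $base $mode"; rc=1
    fi
    for dir in "$base"/*/; do
        [ -d "$dir" ] || continue
        dir=${dir%/}; user=${dir##*/}
        # Per-user directory: no bits at all for group/other (e.g. mode 700).
        mode=$(stat -c %a "$dir")
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "HOME_OPEN $user $mode"; rc=1
        fi
        # The account must be listed so that ftpd chroots the session.
        if ! grep -qxF -- "$user" "$list" 2>/dev/null; then
            echo "NOT_CHROOTED $user"; rc=1
        fi
    done
    return $rc
}

# Constructed sample tree: alice is set up as described, bob is not.
make_sample() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/home/alice" "$t/home/bob"
    chmod 711 "$t/home"; chmod 700 "$t/home/alice"; chmod 755 "$t/home/bob"
    printf 'alice\n' > "$t/ftpchroot"
    echo "$t"
}

sample=$(make_sample)
audit_ftp_homes "$sample/home" "$sample/ftpchroot" || true
rm -rf "$sample"
```

On a real host, run it as root against /home and /etc/ftpchroot so that every home directory can be inspected.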