Solved

Restrict access for users using FTP

Posted on 1998-12-04
2
280 Views
Last Modified: 2010-04-20
I've just installed a new RedHat 5.2 (server setup) at work.
When I add a new user - Linux sets up the /home/<user> folder and adds the user to the system perfectly.
So far so good... However - all users seems to be allowed
to "cd ..", "cd <folder>, or even "cd /".
From what I have noticed - all users are allowed to, more
or less, checkout all present folders except /root.
They can also use "get" but not "send" in FTP. It may even
be so that they can download configuration files in /etc (haven't confirmed that yet though). All this seems to be default for some reason and is very annoying.
Now - can I change that ? I don't want users to be able to checkout anything "above" their own /home/<user> folder.
If I can change that - HOW do I do it ? chmod ? chgrp ? Explain the simplest way possible to do it please...
0
Comment
Question by:Queux
2 Comments
 

Accepted Solution

by:
jconde2 earned 200 total points
Comment Utility
Hi Queux,

hmm....this question can have many answers....I'll give you the 2 that come to mind right now.

You can use the chmod command to change permissions, although there will be a lot of files and directories which will need to allow user-write/read privileges.

By changing the group, you will do pretty much the same...

The best solution for this problem is to install or make a restricted shell and assing it to your users.  that way, they will not be able to cd above their home directory.

Concerning the ftp, if you want to restrict access, you just need to add the username you want to restrict in /etc/ftpusers.

regards,

Jorge
0
 

Expert Comment

by:sbobk
Comment Utility
Actually Proftpd (www.proftpd.org) offers a pretty nify, and siple way to do this using apache-style configs. If you prefer wu-ftpd add a guest group which all of your users are a part of and restrict access utilizing /etc/ftpgroups and /etc/ftpaccess. (if you decide to go with proftpd either edit the adduser command on you system -- if its a script type, or create a wrapper for the adduser binary to echo the appropriate accessinfo to /etc/proftpd.conf)
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Join & Write a Comment

Suggested Solutions

Daily system administration tasks often require administrators to connect remote systems. But allowing these remote systems to accept passwords makes these systems vulnerable to the risk of brute-force password guessing attacks. Furthermore there ar…
Over the last ten+ years I have seen Linux configuration tools come and go. In the early days there was the tried-and-true, all-powerful linuxconf that many thought would remain the one and only Linux configuration tool until the end of times. Well,…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now