Solved

Restrict access for users using FTP

Posted on 1998-12-04
2
282 Views
Last Modified: 2010-04-20
I've just installed a new RedHat 5.2 (server setup) at work.
When I add a new user - Linux sets up the /home/<user> folder and adds the user to the system perfectly.
So far so good... However - all users seems to be allowed
to "cd ..", "cd <folder>, or even "cd /".
From what I have noticed - all users are allowed to, more
or less, checkout all present folders except /root.
They can also use "get" but not "send" in FTP. It may even
be so that they can download configuration files in /etc (haven't confirmed that yet though). All this seems to be default for some reason and is very annoying.
Now - can I change that ? I don't want users to be able to checkout anything "above" their own /home/<user> folder.
If I can change that - HOW do I do it ? chmod ? chgrp ? Explain the simplest way possible to do it please...
0
Comment
Question by:Queux
2 Comments
 

Accepted Solution

by:
jconde2 earned 200 total points
ID: 1638725
Hi Queux,

hmm....this question can have many answers....I'll give you the 2 that come to mind right now.

You can use the chmod command to change permissions, although there will be a lot of files and directories which will need to allow user-write/read privileges.

By changing the group, you will do pretty much the same...

The best solution for this problem is to install or make a restricted shell and assing it to your users.  that way, they will not be able to cd above their home directory.

Concerning the ftp, if you want to restrict access, you just need to add the username you want to restrict in /etc/ftpusers.

regards,

Jorge
0
 

Expert Comment

by:sbobk
ID: 1638726
Actually Proftpd (www.proftpd.org) offers a pretty nify, and siple way to do this using apache-style configs. If you prefer wu-ftpd add a guest group which all of your users are a part of and restrict access utilizing /etc/ftpgroups and /etc/ftpaccess. (if you decide to go with proftpd either edit the adduser command on you system -- if its a script type, or create a wrapper for the adduser binary to echo the appropriate accessinfo to /etc/proftpd.conf)
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you have a server on collocation with the super-fast CPU, that doesn't mean that you get it running at full power. Here is a preamble. When doing inventory of Linux servers, that I'm administering, I've found that some of them are running on l…
SSH (Secure Shell) - Tips and Tricks As you all know SSH(Secure Shell) is a network protocol, which we use to access/transfer files securely between two networked devices. SSH was actually designed as a replacement for insecure protocols that sen…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

910 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now