Solved

Restrict access for users using FTP

Posted on 1998-12-04
2
284 Views
Last Modified: 2010-04-20
I've just installed a new RedHat 5.2 (server setup) at work.
When I add a new user - Linux sets up the /home/<user> folder and adds the user to the system perfectly.
So far so good... However - all users seems to be allowed
to "cd ..", "cd <folder>, or even "cd /".
From what I have noticed - all users are allowed to, more
or less, checkout all present folders except /root.
They can also use "get" but not "send" in FTP. It may even
be so that they can download configuration files in /etc (haven't confirmed that yet though). All this seems to be default for some reason and is very annoying.
Now - can I change that ? I don't want users to be able to checkout anything "above" their own /home/<user> folder.
If I can change that - HOW do I do it ? chmod ? chgrp ? Explain the simplest way possible to do it please...
0
Comment
Question by:Queux
2 Comments
 

Accepted Solution

by:
jconde2 earned 200 total points
ID: 1638725
Hi Queux,

hmm....this question can have many answers....I'll give you the 2 that come to mind right now.

You can use the chmod command to change permissions, although there will be a lot of files and directories which will need to allow user-write/read privileges.

By changing the group, you will do pretty much the same...

The best solution for this problem is to install or make a restricted shell and assing it to your users.  that way, they will not be able to cd above their home directory.

Concerning the ftp, if you want to restrict access, you just need to add the username you want to restrict in /etc/ftpusers.

regards,

Jorge
0
 

Expert Comment

by:sbobk
ID: 1638726
Actually Proftpd (www.proftpd.org) offers a pretty nify, and siple way to do this using apache-style configs. If you prefer wu-ftpd add a guest group which all of your users are a part of and restrict access utilizing /etc/ftpgroups and /etc/ftpaccess. (if you decide to go with proftpd either edit the adduser command on you system -- if its a script type, or create a wrapper for the adduser binary to echo the appropriate accessinfo to /etc/proftpd.conf)
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I am a long time windows user and for me it is normal to have spaces in directory and file names. Changing to Linux I found myself frustrated when I moved my windows data over to my new Linux computer. The problem occurs when at the command line.…
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question