Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Restrict access for users using FTP

Posted on 1998-12-04
2
Medium Priority
?
292 Views
Last Modified: 2010-04-20
I've just installed a new RedHat 5.2 (server setup) at work.
When I add a new user - Linux sets up the /home/<user> folder and adds the user to the system perfectly.
So far so good... However - all users seems to be allowed
to "cd ..", "cd <folder>, or even "cd /".
From what I have noticed - all users are allowed to, more
or less, checkout all present folders except /root.
They can also use "get" but not "send" in FTP. It may even
be so that they can download configuration files in /etc (haven't confirmed that yet though). All this seems to be default for some reason and is very annoying.
Now - can I change that ? I don't want users to be able to checkout anything "above" their own /home/<user> folder.
If I can change that - HOW do I do it ? chmod ? chgrp ? Explain the simplest way possible to do it please...
0
Comment
Question by:Queux
2 Comments
 

Accepted Solution

by:
jconde2 earned 600 total points
ID: 1638725
Hi Queux,

hmm....this question can have many answers....I'll give you the 2 that come to mind right now.

You can use the chmod command to change permissions, although there will be a lot of files and directories which will need to allow user-write/read privileges.

By changing the group, you will do pretty much the same...

The best solution for this problem is to install or make a restricted shell and assing it to your users.  that way, they will not be able to cd above their home directory.

Concerning the ftp, if you want to restrict access, you just need to add the username you want to restrict in /etc/ftpusers.

regards,

Jorge
0
 

Expert Comment

by:sbobk
ID: 1638726
Actually Proftpd (www.proftpd.org) offers a pretty nify, and siple way to do this using apache-style configs. If you prefer wu-ftpd add a guest group which all of your users are a part of and restrict access utilizing /etc/ftpgroups and /etc/ftpaccess. (if you decide to go with proftpd either edit the adduser command on you system -- if its a script type, or create a wrapper for the adduser binary to echo the appropriate accessinfo to /etc/proftpd.conf)
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The purpose of this article is to demonstrate how we can use conditional statements using Python.
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
Suggested Courses
Course of the Month7 days, 12 hours left to enroll

824 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question