• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 293
  • Last Modified:

Restrict access for users using FTP

I've just installed a new RedHat 5.2 (server setup) at work.
When I add a new user - Linux sets up the /home/<user> folder and adds the user to the system perfectly.
So far so good... However - all users seems to be allowed
to "cd ..", "cd <folder>, or even "cd /".
From what I have noticed - all users are allowed to, more
or less, checkout all present folders except /root.
They can also use "get" but not "send" in FTP. It may even
be so that they can download configuration files in /etc (haven't confirmed that yet though). All this seems to be default for some reason and is very annoying.
Now - can I change that ? I don't want users to be able to checkout anything "above" their own /home/<user> folder.
If I can change that - HOW do I do it ? chmod ? chgrp ? Explain the simplest way possible to do it please...
1 Solution
Hi Queux,

hmm....this question can have many answers....I'll give you the 2 that come to mind right now.

You can use the chmod command to change permissions, although there will be a lot of files and directories which will need to allow user-write/read privileges.

By changing the group, you will do pretty much the same...

The best solution for this problem is to install or make a restricted shell and assing it to your users.  that way, they will not be able to cd above their home directory.

Concerning the ftp, if you want to restrict access, you just need to add the username you want to restrict in /etc/ftpusers.


Actually Proftpd (www.proftpd.org) offers a pretty nify, and siple way to do this using apache-style configs. If you prefer wu-ftpd add a guest group which all of your users are a part of and restrict access utilizing /etc/ftpgroups and /etc/ftpaccess. (if you decide to go with proftpd either edit the adduser command on you system -- if its a script type, or create a wrapper for the adduser binary to echo the appropriate accessinfo to /etc/proftpd.conf)
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Train for your Pen Testing Engineer Certification

Enroll today in this bundle of courses to gain experience in the logistics of pen testing, Linux fundamentals, vulnerability assessments, detecting live systems, and more! This series, valued at $3,000, is free for Premium members, Team Accounts, and Qualified Experts.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now