Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


ftp access

Posted on 1999-01-27
Medium Priority
Last Modified: 2010-03-18
I'm running Linux RedHat 5.2.
I'm trying to setup ftp access.
Actually, i've disable guest & anonymous access. I just
want to allow known users to log on.
This part works fine. But now, i want to restrict each user access to his own directory. I mean i don't want to allow a user to do "cd /etc" or something similar. I just want to allow him to put or get files from his own directory.

Any idea would be welcome.
Thanks, Jacoby.
Question by:jacoby
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions

Expert Comment

ID: 1588243
Make sure you have lots of disk space.

Make your "new" root directory:
mkdir /export/ftp
cd /
cp -Rf usr /export/ftp/usr
cp -Rf bin /export/ftp/bin
cp -Rf sbin /export/ftp/sbin
cp -Rf lib /export/ftp/lib
cp -Rf etc /exports/ftp/etc
mkdir /exports/ftp/tmp
chmod 777 /exports/ftp/tmp

Delete all the unecessary files from /exports/ftp (use "chroot /etc/exports/ftp /bin/sh" to find out if you can delete stuff.  read the chroot manpage.  Add users while you're chrooted.)

Make all the home directories you want in /exports/ftp/home, and chmod them properly so users don't have access to each other's home directories.

In inetd.conf:
tp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.new.ftpd

Create "in.new.ftpd" in /usr/sbin, chmod it to 755:
env - chroot /export/ftp /usr/sbin/in.ftpd -a -l -i -o

Is that more than you were bargaining for?

It would be for me.

LVL 51

Expert Comment

ID: 1588244
change the login directory in /etc/passwd as follows:

/usr/home/user   --->   /usr/home/./user

Then create  /usr/home/{bin,lib}/ and copy all you want to have for your users.

Author Comment

ID: 1588245
mcdonc, thanks for your help, but your solution need more disk space than i can have.

ahoffmann, i tried what you said but i still can go out of my home directory. (humm by "create  /usr/home/{bin,lib}/ ", I assume you mean : create bin and lib directories in /usr/home/ and put in bin and lib what i need?  This is what i did, but i still have the same prob.

Thanks, Jacoby.
Turn your laptop into a mobile console!

The CV211 Laptop USB Console Adapter provides a direct Laptop-to-Computer connection for fast and easy remote desktop access with no software to install.

LVL 51

Expert Comment

ID: 1588246
my solutions is based on wu-ftp, hmm I thought linux uses this one.
Could you please check?
You also may check /etc/ftp{groups,users}

Anyway, I slightly remember that this question still was answerd at E-E ...

Expert Comment

ID: 1588247
1.Make "new" /bin and /lib directories, for example:
mkdir /usr/home/ftpbin
mkdir /usr/home/ftplib
2. Copy all necessary files there. You can find them in /usr/home/ftp/{bin,lib}. Or copy them from /bin and /lib. They are
a) compress,  cpio,  gzip, ls,  sh,   tar,  zcat
and b)
ld-2.0.7.so            libc.so.6              libnss_files-2.0.7.so
ld-linux.so.2          libnsl-2.0.7.so        libnss_files.so.1
libc-2.0.7.so          libnsl.so.1


3. For each user replace their HOME string in /etc/passwd :
/usr/home/USER   --->   /usr/home/./USER

4. Create a hard link for each user in his home directory :
ln /usr/home/ftpbin /usr/home/USER/bin
ln /usr/home/ftplib /usr/home/USER/lib

LVL 51

Expert Comment

ID: 1588248
still have this as comments, Toliann :-(

Author Comment

ID: 1588249
Ahoffmann, in fact now it work but with guest users. I didn't really knwo what was Guest user, but it was exactly what i needed. But I think your answer is also good, so please reply with an answer and i'll grade it.
Thanks,  Jacoby
LVL 51

Accepted Solution

ahoffmann earned 150 total points
ID: 1588250
change the login directory in /etc/passwd as follows:

     /usr/home/user   --->   /usr/home/./user

Author Comment

ID: 1588251
Sorry, about the delay.
Thanks for your help !!

Regards, Jacoby.

Author Comment

ID: 2268851
found a good tutorial for wu-ftpd with guest account.


Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question