Solved

ftp access

Posted on 1999-01-27
10
169 Views
Last Modified: 2010-03-18
I'm running Linux RedHat 5.2.
I'm trying to setup ftp access.
Actually, i've disable guest & anonymous access. I just
want to allow known users to log on.
This part works fine. But now, i want to restrict each user access to his own directory. I mean i don't want to allow a user to do "cd /etc" or something similar. I just want to allow him to put or get files from his own directory.

Any idea would be welcome.
Thanks, Jacoby.
0
Comment
Question by:jacoby
10 Comments
 
LVL 4

Expert Comment

by:mcdonc
ID: 1588243
Make sure you have lots of disk space.

Make your "new" root directory:
mkdir /export/ftp
cd /
cp -Rf usr /export/ftp/usr
cp -Rf bin /export/ftp/bin
cp -Rf sbin /export/ftp/sbin
cp -Rf lib /export/ftp/lib
cp -Rf etc /exports/ftp/etc
mkdir /exports/ftp/tmp
chmod 777 /exports/ftp/tmp

Delete all the unecessary files from /exports/ftp (use "chroot /etc/exports/ftp /bin/sh" to find out if you can delete stuff.  read the chroot manpage.  Add users while you're chrooted.)

Make all the home directories you want in /exports/ftp/home, and chmod them properly so users don't have access to each other's home directories.


In inetd.conf:
tp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.new.ftpd

Create "in.new.ftpd" in /usr/sbin, chmod it to 755:
#!/bin/sh
#in.new.ftpd
env - chroot /export/ftp /usr/sbin/in.ftpd -a -l -i -o

Is that more than you were bargaining for?

It would be for me.


0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 1588244
change the login directory in /etc/passwd as follows:

/usr/home/user   --->   /usr/home/./user

Then create  /usr/home/{bin,lib}/ and copy all you want to have for your users.
0
 
LVL 1

Author Comment

by:jacoby
ID: 1588245
mcdonc, thanks for your help, but your solution need more disk space than i can have.

ahoffmann, i tried what you said but i still can go out of my home directory. (humm by "create  /usr/home/{bin,lib}/ ", I assume you mean : create bin and lib directories in /usr/home/ and put in bin and lib what i need?  This is what i did, but i still have the same prob.

Thanks, Jacoby.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 1588246
my solutions is based on wu-ftp, hmm I thought linux uses this one.
Could you please check?
You also may check /etc/ftp{groups,users}

Anyway, I slightly remember that this question still was answerd at E-E ...
0
 

Expert Comment

by:Toliann
ID: 1588247
1.Make "new" /bin and /lib directories, for example:
mkdir /usr/home/ftpbin
mkdir /usr/home/ftplib
2. Copy all necessary files there. You can find them in /usr/home/ftp/{bin,lib}. Or copy them from /bin and /lib. They are
a) compress,  cpio,  gzip, ls,  sh,   tar,  zcat
and b)
ld-2.0.7.so            libc.so.6              libnss_files-2.0.7.so
ld-linux.so.2          libnsl-2.0.7.so        libnss_files.so.1
libc-2.0.7.so          libnsl.so.1

respectively.

3. For each user replace their HOME string in /etc/passwd :
/usr/home/USER   --->   /usr/home/./USER

4. Create a hard link for each user in his home directory :
ln /usr/home/ftpbin /usr/home/USER/bin
ln /usr/home/ftplib /usr/home/USER/lib

Regards.
0
Zoho SalesIQ

Hassle-free live chat software re-imagined for business growth. 2 users, always free.

 
LVL 51

Expert Comment

by:ahoffmann
ID: 1588248
still have this as comments, Toliann :-(
0
 
LVL 1

Author Comment

by:jacoby
ID: 1588249
Ahoffmann, in fact now it work but with guest users. I didn't really knwo what was Guest user, but it was exactly what i needed. But I think your answer is also good, so please reply with an answer and i'll grade it.
Thanks,  Jacoby
0
 
LVL 51

Accepted Solution

by:
ahoffmann earned 50 total points
ID: 1588250
change the login directory in /etc/passwd as follows:

     /usr/home/user   --->   /usr/home/./user
0
 
LVL 1

Author Comment

by:jacoby
ID: 1588251
Sorry, about the delay.
Thanks for your help !!

Regards, Jacoby.
0
 
LVL 1

Author Comment

by:jacoby
ID: 2268851
found a good tutorial for wu-ftpd with guest account.


http://www.landfield.com/wu-ftpd/guest-howto.html
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now