Solved

wu-ftpd access control

Posted on 2000-04-25
Last Modified: 2013-12-16
How do you set wu-ftpd to limit access to a certain directory only for all users, and not allow them to see and download files from /etc?

I managed to get it to work for the ftp and anonymous users, but it does not seem to work for other users... I can still cd to /etc and download whatever files I want.

cheers
Question by:bluepet
16 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 400 total points
ID: 2750140
Take a look at ftp://ftp.fni.com/pub/wu-ftpd/guest-howto. I think you'll find that you can use the information in that document to restrict users to specific directories. There is also quite a bit of other useful information about wu-ftp in the FAQ at http://www.wu-ftpd.org.
0
 
LVL 3

Author Comment

by:bluepet
ID: 2771885
Adjusted points from 200 to 400
0
 
LVL 3

Author Comment

by:bluepet
ID: 2771886
I managed to do it.

Unfortunately, when I try to upload files I get this error:

553 Could not determine pwdir: No such files or directory

Does anyone know why that is so?

What did I do wrong?

thanks



0
 
LVL 3

Author Comment

by:bluepet
ID: 2772224
When I ftp and cd ~

it tries to go to the user's directory, set as /home/usr/username

but since I put the home in /etc/passwd as
 /home/usr/username/./

/home/usr/username does not exist anymore when I log on in ftp.

Does anyone know a way around this? Or where did I go wrong?

0
 
LVL 40

Expert Comment

by:jlevie
ID: 2774617
Is this "/home/usr/username/./" what's in /etc/passwd, or is this "/home/usr/username" (I'm assuming that "username" is actually some user's login name)?
0
 
LVL 3

Author Comment

by:bluepet
ID: 2775728
jlevie

It is in /etc/passwd.

Yes, the username is the user's login name.

I have already managed to get rid of the error message by adding the directory structure to the user's home dir,

i.e.
/home/usr/username/home/usr/username

where username at the end is a symbolic link to /

So when the user connects using ftp and does cd ~, it will go back to /, which in this case is the user's own home dir...

Thanks anyway, jlevie.

0
 
LVL 3

Author Comment

by:bluepet
ID: 2775734
the /usr/home/username/./ is to chroot the user / as his own home dir

0
 
LVL 2

Expert Comment

by:ish
ID: 2947462
This generally means the user cannot find their home directory. Check the permissions on the directories and the system and local etc/passwd and etc/group files.

Is this a VIRTUAL server (WUFTP can do that), in which case it may be using an /etc/passwd that is in a separate file system, or is it the server itself, in which case it is using the ACTUAL /etc/passwd?

In the /etc/ftpaccess file, have you given them access?

# specify the upload directory information
upload  /opt/ftp  *                 no      root staff  0600 nodirs
upload  /opt/ftp  /incoming         yes     root staff  0600 nodirs

??? It is definitely a permissions issue, but there are MANY places where it can be controlled.
0
 

Expert Comment

by:eleen0912
ID: 3701259
What version are you using? Perhaps it's a bug.

Looks like there is some common set of features people would like
to have in FTP servers.

There is another feature, however. All user data is placed in a
database (e.g. MySQL), though passwords from /etc/passwd
are valid as well.

And there is also a way to restrict a user's access to his
home directory, merely by blocking commands concerning files outside it.
0
 
LVL 1

Expert Comment

by:gabsi
ID: 4050533
Using
upload  /opt/wu_ftpd/home  *             no   upload  /opt/wu_ftpd/home       /incoming     yes     root    daemon  0600 nodirs        
permits anonymous users to access all of the ftp home directory, but they are able to write files to the incoming directory only.
The "root daemon 0600" protection is there to avoid insecure exchanges between users.
These rules are applied to all users belonging to the "guestgroup", named as you want: ftpguest here.
guestgroup ftpguest
0
 
LVL 1

Expert Comment

by:gabsi
ID: 4050555
sorry, I forgot a <CR>
upload  /opt/wu_ftpd/home  *             no  
upload  /opt/wu_ftpd/home       /incoming     yes     root    daemon  0600 nodirs        

upload  /opt/wu_ftpd/home       /upload    yes     root    daemon  0600   dirs
The third rule permits users to create subdirs in the upload directory.
Also, a user belonging to the ftpguest group can't access any other resources of the system; you have to manage a bin and an etc directory in his home directory.
The bin directory must contain at least a non-dynamically compiled version of "ls".
0
 
LVL 3

Author Comment

by:bluepet
ID: 4062072
I found out the problem already. The reason I couldn't get it to work for other users, and only for the anonymous ftp user, is that I didn't put all the users in the guestgroup group,

i.e. set it in /etc/ftpaccess

guestgroup myftpgroup

Anyway, thanks for answering. I guess I will give the points to jlevie, as that is where I got the info from.

0
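The cause found above (users missing from the guestgroup group, and the "/./" marker in the passwd home field) can be checked mechanically. The following is an added example, not part of the original thread: the file contents, user names and function names are constructed, and only explicit member-list entries in /etc/group are counted as membership, which is a conservative assumption.

```python
# Added example: which accounts would wu-ftpd confine as guests?
# All file contents below are constructed samples, not from a real host.
FTPACCESS = "class all real,guest,anonymous *\nguestgroup myftpgroup  # confined\n"
GROUP = "staff:x:50:carol\nmyftpgroup:x:600:alice,bob\n"
PASSWD = (
    "alice:x:1001:100::/home/usr/alice/./:/bin/sh\n"
    "bob:x:1002:100::/home/usr/bob:/bin/sh\n"
    "carol:x:1003:50::/home/usr/carol:/bin/sh\n"
)

def guest_groups(ftpaccess_text):
    """Group names listed on 'guestgroup' lines of an ftpaccess file."""
    groups = set()
    for line in ftpaccess_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop trailing comments
        if fields and fields[0] == "guestgroup":
            groups.update(fields[1:])
    return groups

def group_members(group_text):
    """Map group name -> users in its /etc/group member list (assumption:
    primary-GID membership is deliberately not counted)."""
    members = {}
    for line in group_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= 4:
            members[parts[0]] = {u for u in parts[3].split(",") if u}
    return members

def split_guest_home(home):
    """Split 'root/./subdir' into (chroot root, directory seen after chroot)."""
    if "/./" not in home:
        return None
    root, sub = home.split("/./", 1)
    return root, "/" + sub

def audit(passwd_text, group_text, ftpaccess_text):
    """Return {user: finding} for accounts not set up as confined guests."""
    members = group_members(group_text)
    guests = set()
    for name in guest_groups(ftpaccess_text):
        guests |= members.get(name, set())
    findings = {}
    for line in passwd_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 7:
            continue  # not a complete passwd entry
        user, home = parts[0], parts[5]
        if user not in guests:
            findings[user] = "not-guest"   # logs in as a real user, can reach /etc
        elif split_guest_home(home) is None:
            findings[user] = "no-marker"   # guest, but home lacks '/./'
    return findings
```

Run against copies of the real /etc/passwd, /etc/group and /etc/ftpaccess, any account reported as "not-guest" is one that can still cd to /etc.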
 
LVL 3

Author Comment

by:bluepet
ID: 4062081
It would be nice if the person would actually provide a proper answer instead of providing a link that I already know of... but since my problem is solved, I guess the points do not matter much...

cheers anyway

thanks for answering
0
