Solved

wu-ftpd access control

Posted on 2000-04-25
Last Modified: 2013-12-16
How do you set wu-ftpd to limit access to a certain directory only for all users, and not allow them to see and download files from /etc?

I managed to get it to work for the ftp and anonymous users, but it does not seem to work for other users... I can still cd to /etc to download whatever files I want.

cheers
Question by:bluepet
16 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 400 total points
ID: 2750140
Take a look at ftp://ftp.fni.com/pub/wu-ftpd/guest-howto. I think you'll find that you can use the information in that document to restrict users to specific directories. There is also quite a bit of other useful information about wu-ftp in the FAQ at http://www.wu-ftpd.org.
0
 
LVL 3

Author Comment

by:bluepet
ID: 2771885
Adjusted points from 200 to 400
0
 
LVL 3

Author Comment

by:bluepet
ID: 2771886
I managed to do it.

Unfortunately, when I try to upload files I get this error:

553 Could not determine pwdir: No such files or directory

Does anyone know why that is so?

What did I do wrong?

Thanks



0
 
 
LVL 3

Author Comment

by:bluepet
ID: 2772224
When I ftp in and cd ~, it tries to go to the user's directory, set as /home/usr/username.

But since I put the home in /etc/passwd as

 /home/usr/username/./

/home/usr/username does not exist anymore when I log on via ftp.

Does anyone know a way around this? Or where did I go wrong?

0
 
LVL 40

Expert Comment

by:jlevie
ID: 2774617
Is this "/home/usr/username/./" what's in /etc/passwd, or is this "/home/usr/username" (I'm assuming that "username" is actually some user's login name)?
0
 

 
LVL 3

Author Comment

by:bluepet
ID: 2775728
jlevie,

It is in /etc/passwd.

Yes, the username is the user's login name.

I have already managed to get rid of the error message by adding the directory structure to the user's home dir, i.e.

/home/usr/username/home/usr/username

where username at the end is a symbolic link to /

So when the user connects using ftp and does cd ~, it will go back to /, which in this case is the user's own home dir...

Thanks anyway, jlevie

0
 
LVL 3

Author Comment

by:bluepet
ID: 2775734
The /usr/home/username/./ is to chroot the user, with / as his own home dir.

0
 
LVL 2

Expert Comment

by:ish
ID: 2947462
This generally means the user cannot find their home directory. Check the permissions on the directories and the system and local etc/passwd and etc/group files.

Is this a VIRTUAL server (WUFTP can do that), in which case it may be using an /etc/passwd that is in a separate file system, or is it the server itself? In which case it is using the ACTUAL /etc/passwd?

In the /etc/ftpaccess file, have you given them access?

# specify the upload directory information
upload  /opt/ftp  *                 no      root staff  0600 nodirs
upload  /opt/ftp  /incoming         yes     root staff  0600 nodirs

??? It is definitely a permissions issue, but there are MANY places where it can be controlled.
0
 

Expert Comment

by:eleen0912
ID: 3701259
What version are you using? Perhaps it's a bug.

Looks like there is some common set of features people would like
to have in FTP servers.

There is another feature, however. All user data is placed in a
database (e.g. MySQL), though passwords from /etc/passwd
are valid as well.

And there is also a way to restrict a user's access to his
home directory, merely by blocking commands concerning files outside it.
0
 
LVL 1

Expert Comment

by:gabsi
ID: 4050533
Using
upload  /opt/wu_ftpd/home  *             no   upload  /opt/wu_ftpd/home       /incoming     yes     root    daemon  0600 nodirs        
permits anonymous users to access all of the ftp home directory, but they are able to write files to the incoming directory only.
The "root daemon 0600" protection is there to avoid insecure exchanges between users.
These rules are applied to all users belonging to the "guestgroup", named as you want; ftpguest here.
guestgroup ftpguest
0
 
LVL 1

Expert Comment

by:gabsi
ID: 4050555
sorry, I forgot a <CR>
upload  /opt/wu_ftpd/home  *             no  
upload  /opt/wu_ftpd/home       /incoming     yes     root    daemon  0600 nodirs        

upload  /opt/wu_ftpd/home       /upload    yes     root    daemon  0600   dirs
The third rule permits users to create subdirs in the upload directory.
Also, a user belonging to the ftpguest group can't access any other resources of the system; you have to maintain a bin and an etc directory in his home directory.
The bin directory must contain at least a non-dynamically compiled version of "ls".
0
 
LVL 3

Author Comment

by:bluepet
ID: 4062072
I found out the problem already. The reason I couldn't get it to work for other users, and only for the anonymous ftp user, is that I didn't put all the users in the guestgroup group,

i.e. set it in /etc/ftpaccess:

guestgroup myftpgroup

Anyway, thanks for answering. I guess I will give the points to jlevie, as that is where I got the info from.

0
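
An added example, not part of the thread and not wu-ftpd's own code: a small audit of the condition described in the comment above, where a passwd home field carries the /./ chroot marker but the account is in no group named on a guestgroup line, so the session is not chrooted. The sample file contents, user names and group names are constructed; the check assumes guestgroup entries are plain group names and counts both primary and supplementary membership.

```python
# Added example: audit wu-ftpd guest (chroot) setup from file contents.
# Sample data below is constructed; names and paths are hypothetical.

def guest_groups(ftpaccess_text):
    """Group names listed on 'guestgroup' lines of ftpaccess."""
    groups = set()
    for line in ftpaccess_text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if fields and fields[0] == "guestgroup":
            groups.update(fields[1:])
    return groups

def audit(ftpaccess_text, group_text, passwd_text):
    """Return {user: finding} for accounts whose chroot setup is inconsistent."""
    wanted = guest_groups(ftpaccess_text)
    guest_gids, guest_members = set(), set()
    for line in group_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= 4 and parts[0] in wanted:
            guest_gids.add(parts[2])
            guest_members.update(m for m in parts[3].split(",") if m)
    findings = {}
    for line in passwd_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) < 7:
            continue
        user, gid, home = parts[0], parts[3], parts[5]
        # Assumption: primary gid or supplementary membership both count.
        is_guest = user in guest_members or gid in guest_gids
        has_marker = "/./" in home
        if has_marker and not is_guest:
            findings[user] = "home has /./ but user is in no guestgroup: not chrooted"
        elif is_guest and not has_marker:
            findings[user] = "guestgroup member without /./ in home: verify chroot root"
    return findings

FTPACCESS = "class all real,guest,anonymous *\nguestgroup myftpgroup\n"
GROUP = "myftpgroup:x:600:alice\nstaff:x:50:bob\n"
PASSWD = (
    "alice:x:1001:50:Alice:/home/usr/alice/./:/bin/false\n"
    "bob:x:1002:50:Bob:/home/usr/bob/./:/bin/false\n"
    "carol:x:1003:600:Carol:/home/usr/carol:/bin/false\n"
)

if __name__ == "__main__":
    for user, finding in sorted(audit(FTPACCESS, GROUP, PASSWD).items()):
        print(f"{user}: {finding}")
```
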
 
LVL 3

Author Comment

by:bluepet
ID: 4062081
It would be nice if the person would actually provide a proper answer instead of providing a link that I already know of... but since my problem is solved, I guess the points do not matter much...

cheers anyway

thanks for answering
0
