bluepet
asked on
wu-ftpd access control
How do you set wu-ftpd to limit access to a certain directory only for all users, and not allow them to see and download files from /etc?
I managed to set it to work for the ftp and anonymous users, but it does not seem to work for other users... I can still cd to /etc to download whatever files I want.
cheers
ASKER
I managed to do it.
Unfortunately, when I try to upload files I get this error:
553 Could not determine pwdir: No such files or directory
Does anyone know why that is so?
What did I do wrong?
thanks
ASKER
When I ftp and cd ~,
it tries to go to the directory of the user, set as /home/usr/username,
but since I put the home in /etc/passwd as
/home/usr/username/./
/home/usr/username does not exist anymore when I log on in ftp.
Does anyone know a way around this? Or where did I go wrong?
Is this "/home/usr/username/./" what's in /etc/passwd, or is this "/home/usr/username" (I'm assuming that "username" is actually some user's login name)?
ASKER
jlevie,
It is in /etc/passwd.
Yes, the username is the user's login name.
I have already managed to get rid of the error message by adding
the directory structure to the user's home dir,
i.e.
/home/usr/username/home/usr/username
where username at the end is a symbolic link to /
so when the user connects using ftp and does cd ~ it will go back to /, which in this case is the user's own home dir...
Thanks anyway, jlevie.
ASKER
the /usr/home/username/./ is to chroot the user / as his own home dir
This generally means the user cannot find their home directory. Check the
permissions on the directories and the system and local etc/passwd and
etc/group files.
Is this a VIRTUAL server (WUFTP can do that), in which case it may be using an /etc/passwd that is in a separate file system, or is it the server itself? In which case it is using the ACTUAL /etc/passwd?
In the /etc/ftpaccess file, have you given them access?
# specify the upload directory information
upload /opt/ftp * no root staff 0600 nodirs
upload /opt/ftp /incoming yes root staff 0600 nodirs
??? It is definitely a permissions issue, but there are MANY places where it can be controlled.
What version are you using? Perhaps it's a bug.
Looks like there is some common set of features people would like
to have in FTP servers.
There is another feature, however. All users' data is placed in a
database (e.g. MySQL), though passwords from /etc/passwd
are valid as well.
And there is also a way to restrict a user's access to his
home directory, merely blocking commands concerning files outside it.
Using
upload /opt/wu_ftpd/home * no upload /opt/wu_ftpd/home /incoming yes root daemon 0600 nodirs
permits anonymous users to access all of the ftp home directory, but they are able to write files to the incoming directory only.
The "root daemon 0600" protection is there to avoid insecure exchanges between users.
These rules are applied to all users belonging to the "guestgroup", named as you want; ftpguest here.
guestgroup ftpguest
sorry, I forgot a <CR>
upload /opt/wu_ftpd/home * no
upload /opt/wu_ftpd/home /incoming yes root daemon 0600 nodirs
upload /opt/wu_ftpd/home /upload yes root daemon 0600 dirs
The third rule permits users to create subdirs in the upload directory.
Also, a user belonging to the ftpguest group can't access any other resources of the system; you have to manage a bin and an etc directory in his home directory.
The bin directory must contain at least a non dynamically compiled version of "ls".
ASKER
I found out the problem already. The reason I can't get it to work for other users and only the anonymous ftp user is because I didn't put all the users in the guestgroup group,
i.e. set it in /etc/ftpaccess:
guestgroup myftpgroup
Anyway, thanks for answering. I guess I will give the points to jlevie, as that is where I got the info from.
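The check that resolved this thread, as an added example that is not part of the original posts: it reads ftpaccess, group and passwd text and reports which accounts fall under a guestgroup (and the chroot root taken from the "/./" marker) and which still log in as unrestricted real users. The sample files and the function names are constructed for illustration; treating a primary-GID match as membership, and an unmarked home field as the chroot root, are assumptions of this example.

```python
# Constructed sample files (not taken from the thread).
FTPACCESS = """\
# guest accounts are chrooted at login
guestgroup ftpguest
upload /opt/wu_ftpd/home * no
"""
GROUP = "ftpguest:x:600:alice\nstaff:x:50:bob\n"
PASSWD = """\
alice:x:1001:100::/home/usr/alice/./:/bin/sh
bob:x:1002:50::/home/usr/bob:/bin/sh
carol:x:1003:600::/home/usr/carol:/bin/sh
"""

def guest_groups(ftpaccess):
    """Group names listed on guestgroup lines; '#' comments are skipped."""
    names = set()
    for line in ftpaccess.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] == "guestgroup":
            names.update(fields[1:])
    return names

def audit(passwd, group, ftpaccess):
    """Map each account to ("guest", chroot_root) or ("real", None)."""
    wanted = guest_groups(ftpaccess)
    gids, members = set(), set()
    for line in group.splitlines():
        name, _pw, gid, users = line.split(":")
        if name in wanted:
            gids.add(gid)
            members.update(u for u in users.split(",") if u)
    report = {}
    for line in passwd.splitlines():
        user, _pw, _uid, gid, _gecos, home, _shell = line.split(":")
        # Assumption: a primary GID match counts as membership too.
        if user in members or gid in gids:
            # Text before "/./" is the chroot root; assumption: with no
            # marker the whole home field is used as the root.
            report[user] = ("guest", home.split("/./", 1)[0])
        else:
            report[user] = ("real", None)
    return report

def unjailed(report):
    """Accounts that log in as real users and can still cd to /etc."""
    return sorted(u for u, (kind, _root) in report.items() if kind == "real")

if __name__ == "__main__":
    print(audit(PASSWD, GROUP, FTPACCESS))
    print("not chrooted:", unjailed(audit(PASSWD, GROUP, FTPACCESS)))
```

Any account returned by unjailed() is in the situation the question describes: it authenticates normally but is never placed under a chroot.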
ASKER
It would be nice if the person would actually provide a proper answer instead of providing a link that I already know of... but since my problem is solved, I guess the points do not matter much...
Cheers anyway,
thanks for answering