Solved

ftpd Server question...

Posted on 2000-05-05
Last Modified: 2012-05-04
Greetings

 I have an ftpd server set up on a customer's box running Linux 5.2, and they're not ready to change any software yet.  I have created a handful of FTP users.  Each user is a member of the same "FTP" group.  When each respective user logs in, they chroot to their home ftp directory.  I noticed that one user can change into another user's directory and other "sensitive" areas of the filesystem.  How do I restrict each user from having this ability?  I want them to be restricted to their respective home FTP directories.  Thankx ahead for any help.......

Nat
0
Question by:toolminator
8 Comments
 

Author Comment

by:toolminator
ID: 2781850
Adjusted points from 100 to 1000
0
 
LVL 3

Accepted Solution

by:
jyu_88 earned 3000 total points
ID: 2781931
You will need to set it up so that 'chroot' really happens. If chroot is configured to the user's home, they will see /home/user1 as / when they ftp in.

How to set chroot for a user depends on which ftp server you are running:

With wu-ftpd, you'd need to add the 'ftp' group to /etc/ftpgroups, then change the user's home dir to '/home/user/./' or the like. The . will be the chroot point.
'usermod -d newHomeDir user'. See man ftpd for more details.

With proftpd, it is quite simple: just enable "DefaultRoot  ~" in /etc/proftpd.conf

0
 

Author Comment

by:toolminator
ID: 2781968
First off , thankx for responding back.....

I've read the notes on wuftpd and proftpd (which looked really appealing, but software updates aren't an option at the moment), but they're using the ftpd that came with the redhat distribution cd.  I believe it was just called ftpd.

Nat
0
 
LVL 2

Expert Comment

by:modulus
ID: 2782004
Don't allow the users to use chroot!  It should be restricted to superuser/root only.  The chroot should be done by the server.  I've only done this for wu-ftpd, but I'm sure there's similar functionality in all other servers. Look for information about "virtual domains" for your particular server.  You add the user/guest to a /virtual/domainX.com/etc/ftpaccess list and then in a /virtual/domainX.com/etc/passwd specify the chroot dir and the starting home dir.

Check the manual pages at: http://www.landfield.com/wu-ftpd
Relevant excerpt:

     The user's home directory must be properly set up, exactly
     as anonymous FTP would be.  The home directory field of the
     passwd entry is divided into two directories.  The first
     field is the root directory which will be the argument to
     the chroot(2) call.  The second half is the user's home
     directory relative to the root directory.  The two halves
     are separated by a "/./".

     Example:
     in /etc/passwd, the real entry:

     guest1:<passwd>:100:92:Guest Account:/ftp/./incoming:/etc/ftponly

     When guest1 successfully logs in, the ftp server will
     chroot("/ftp") and then chdir("/incoming"). The guest
     user will only be able to access the directory structure
     under /ftp (which will look and act as / to guest1), just as
     an anonymous FTP user would.
0
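
The "/./" home-directory convention from the man page excerpt above, worked as an added example (not part of any post in this thread, and not wu-ftpd's own code): it splits each passwd home field into chroot root and start directory and reports accounts that name no chroot root or that share one. The gid 92 FTP group and the user1 to user4 accounts are assumptions made for the sample.

```python
# Added example: audit passwd-style entries against the wu-ftpd "/./" convention.
# Only the primary gid (field 4) is checked; /etc/group membership is not read.
from collections import defaultdict

# Constructed sample; the guest1 line follows the man page's example, gid 92 is
# assumed to be the FTP group, and the other accounts are hypothetical.
SAMPLE = """\
guest1:x:100:92:Guest Account:/ftp/./incoming:/etc/ftponly
user1:x:501:92:FTP user:/home/user1/./:/etc/ftponly
user2:x:502:92:FTP user:/home/user2:/etc/ftponly
user3:x:503:92:FTP user:/home/./user3:/etc/ftponly
user4:x:504:92:FTP user:/home/./user4:/etc/ftponly
admin:x:500:100:Admin:/home/admin:/bin/bash
"""

def split_guest_home(home):
    """Split a home field on "/./" into (chroot_root, start_dir), else None."""
    if "/./" not in home:
        return None
    root, _, rest = home.partition("/./")
    return (root or "/", "/" + rest.strip("/"))

def audit(passwd_text, ftp_gid):
    """Return (users, problem) findings for accounts whose primary gid is ftp_gid."""
    findings, by_root = [], defaultdict(list)
    for line in passwd_text.strip().splitlines():
        fields = line.split(":")
        if len(fields) != 7 or fields[3] != str(ftp_gid):
            continue
        user, parsed = fields[0], split_guest_home(fields[5])
        if parsed is None:
            findings.append((user, "no '/./' in home field, so no chroot root is named"))
        elif parsed[0] == "/":
            findings.append((user, "chroot root is '/', which confines nothing"))
        else:
            by_root[parsed[0]].append(user)
    for root, users in by_root.items():
        if len(users) > 1:  # same jail: only file permissions separate these users
            findings.append((",".join(users), f"share chroot root {root}"))
    return findings

if __name__ == "__main__":
    for users, problem in audit(SAMPLE, 92):
        print(f"{users}: {problem}")
```

The check covers only the passwd side of the setup; whether the server treats the group as guest accounts is a separate server setting that this script does not read.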
 
LVL 3

Expert Comment

by:jyu_88
ID: 2782025
The ftpd that comes with RedHat is wu-ftpd, so just follow the info I gave above to configure chroot for users in the 'ftp' group: add 'ftp' to /etc/ftpgroups, then change the users' home dir to the special format with the '.'.

modulus, what are you talking about with 'not letting users use chroot'? The wu-ftpd server will handle the chroot.
0
 

Author Comment

by:toolminator
ID: 2782110
Be back shortly, trying it out now....

Thanks for the input!!!!!!!!!!

me
0
 
LVL 2

Expert Comment

by:modulus
ID: 2782284
jyu_88,
reading his question it seemed that he was talking about letting the _user_ run chroot, whereas one wants the _server_ to execute chroot.  A big difference, don't you think? Like I said, "The chroot should be done by the server" and like you said, "wu-ftpd server will handle the chroot."  So it seems we are in agreement, no?
best wishes,
modulus
0
 

Author Comment

by:toolminator
ID: 2784618
Hmmmmmmmmmmm.....

Still letting the person drop down directories... Bummer...
But I did go and grab the proftpd as a backup plan, much more straightforward!!! And it works!!! Bonus points... Guess they're just gonna have to deal with having new software....

Thankx big time for the input... A huge help as usual....

Nat
0
