
ftpd Server question...

Posted on 2000-05-05
Last Modified: 2012-05-04
Greetings

 I have an ftpd server set up on a customer's box running linux 5.2, and they're not ready to change any software yet.  I have created a handful of FTP users.  Each user is a member of the same "FTP" group.  When each respective user logs in, they chroot to their home ftp directory.  I noticed that one user can change into another user's directory and other "sensitive" areas of the filesystem.  How do I restrict each user from having this ability?  I want them to be restricted to their respective home FTP directories.  Thankx ahead for any help.......

Nat
Question by:toolminator
 

Author Comment

by:toolminator
ID: 2781850
Adjusted points from 100 to 1000
0
 
LVL 3

Accepted Solution

by:
jyu_88 earned 1000 total points
ID: 2781931
You will need to set it up so that 'chroot' really happens. If chroot is configured to the user's home, they will see /home/user1 as / when they ftp in.

How to set chroot for a user depends on which ftp server you are running:

With wu-ftpd, you'd need to add the 'ftp' group to /etc/ftpgroups, then change the user's home dir to '/home/user/./' or alike. The . will be the chroot point.
'usermod -d newHomeDir user'. man ftpd for more details.

With proftpd, it is quite simple: just enable "DefaultRoot  ~" in /etc/proftpd.conf

0
 

Author Comment

by:toolminator
ID: 2781968
First off, thankx for responding back.....

I've read the notes on wuftpd and proftpd (which looked really appealing, but software updates aren't an option at the moment), but they're using the ftpd that came with the redhat distribution cd.  I believe it was just called ftpd.

Nat
0

 
LVL 2

Expert Comment

by:modulus
ID: 2782004
Don't allow the users to use chroot!  It should be restricted to superuser/root only.  The chroot should be done by the server.  I've only done this for wu-ftpd, but I'm sure there's similar functionality in all other servers. Look for information about "virtual domains" for your particular server.  You add the user/guest to a /virtual/domainX.com/etc/ftpaccess list and then in a /virtual/domainX.com/etc/passwd specify the chroot dir and the starting home dir.

Check the manual pages at: http://www.landfield.com/wu-ftpd
Relevant excerpt:

     The user's home directory must be properly set up, exactly as
     anonymous FTP would be.  The home directory field of the passwd
     entry is divided into two directories.  The first field is the
     root directory which will be the argument to the chroot(2) call.
     The second half is the user's home directory relative to the
     root directory.  The two halves are separated by a "/./".

     Example:
     in /etc/passwd, the real entry:

     guest1:<passwd>:100:92:Guest Account:/ftp/./incoming:/etc/ftponly

     When guest1 successfully logs in, the ftp server will
     chroot("/ftp") and then chdir("/incoming").  The guest user will
     only be able to access the directory structure under /ftp (which
     will look and act as / to guest1), just as an anonymous FTP user
     would.
0
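The "/./" split described in the excerpt above can be checked across all accounts in a group. This is an added example, not part of the original thread or of wu-ftpd: a shell function that reads passwd-format data and reports each group member's chroot root and starting directory, flagging accounts with no chroot point and accounts that share a chroot root (and so can reach each other's directories under it, subject to file permissions). The function name, status labels and sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit passwd-format data for "/./"-style FTP home directories.
# Usage: audit_ftp_homes <passwd-file> <gid>
# Output per user in <gid>: user|status|chroot_root|start_dir
#   NOCHROOT  home has no "/./" marker, so no chroot point is defined
#   SHARED    chroot root is also used by another user in the group
#   OK        user has a chroot root of their own
audit_ftp_homes() {
    awk -F: -v gid="$2" '
        $4 == gid {
            n++; user[n] = $1; home = $6
            i = index(home, "/./")
            if (i == 0) { root[n] = ""; start[n] = home; next }
            root[n] = substr(home, 1, i - 1)       # argument to chroot(2)
            if (root[n] == "") root[n] = "/"
            start[n] = "/" substr(home, i + 3)     # chdir target inside the jail
            count[root[n]]++
        }
        END {
            for (k = 1; k <= n; k++) {
                if (root[k] == "")            status = "NOCHROOT"
                else if (count[root[k]] > 1)  status = "SHARED"
                else                          status = "OK"
                printf "%s|%s|%s|%s\n", user[k], status, root[k], start[k]
            }
        }' "$1"
}

# Constructed sample entries (not from a real system); GID 92 as in the excerpt.
sample_passwd() {
cat <<'EOF'
guest1:x:100:92:Guest Account:/ftp/./incoming:/etc/ftponly
guest2:x:101:92:Guest Account:/ftp/./outgoing:/etc/ftponly
user1:x:102:92:FTP user:/home/user1/./:/etc/ftponly
user2:x:103:92:FTP user:/home/user2:/etc/ftponly
alice:x:500:500:Shell user:/home/alice:/bin/bash
EOF
}

tmp=$(mktemp) && sample_passwd > "$tmp" && audit_ftp_homes "$tmp" 92
rm -f "$tmp"
```

The audit only reads the passwd data; whether the server actually performs the chroot for that group still depends on the server's own configuration.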
 
LVL 3

Expert Comment

by:jyu_88
ID: 2782025
The ftpd that comes with RedHat is wu-ftpd, so just follow the info I gave above to configure chroot for users in the 'ftp' group. Add 'ftp' to /etc/ftpgroups, then change the users' home dir to the special format with the '.'.

modulus, what are you talking about, 'not letting users use chroot'? The wu-ftpd server will handle the chroot.
0
 

Author Comment

by:toolminator
ID: 2782110
Be back shortly, trying it out now....

Thanks for the input!!!!!!!!!!

me
0
 
LVL 2

Expert Comment

by:modulus
ID: 2782284
jyu_88,
reading his question it seemed that he was talking about letting the _user_ run chroot, whereas one wants the _server_ to execute chroot.  A big difference, don't you think? Like I said "The chroot should be done by the server" and like you said "wu-ftpd server will handle the chroot."  So it seems we are in agreement, no?
best wishes,
modulus
0
 

Author Comment

by:toolminator
ID: 2784618
Hmmmmmmmmmmm.....

Still letting the person drop down directories... Bummer...
But I did go and grab the proftpd as a backup plan, much more straightforward!!! And it works!!! Bonus points... Guess they're just gonna have to deal with having new software....

Thankx big time for the input... A huge help as usual....

Nat
0
