?
Solved

Stopping FTP accounts from cd'ing out of their home directory

Posted on 2001-09-03
2
Medium Priority
?
238 Views
Last Modified: 2013-12-16
I have a debian linux webserver with several client websites. Each client has an FTP account with their home directory set to /usr/local/apache/htdocs/client/<client_directory> and a default shell of /bin/ftponly.

How can I stop these clients from being able to 'cd ..' out of their home directory and right up to /?

I don't want any clients to be able to cd ../<another_client_directory> through FTP, but I need to keep read access open to anyone for webserving purposes

I am using ProFTPD 1.2.0.

Any help much appreciated.
0
Comment
Question by:greebo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 3

Accepted Solution

by:
jnbkze earned 400 total points
ID: 6450610
Hi Greebo,

Taken from the ftpaccess man page is the following. I think it should be enough information as to how to set this up.

 guest-root <root-dir> [<uid-range>]

            <root-dir>  specified  the  chroot()  path  for guest users.  If no guest-root is is matched, the old
            method of parsing the user's home directory is used.  If no <uid-range> is  specified,  this  is  the
            root  directory  for  guest  users who do not match any other guest-root specification.  Multiple uid
            ranges may be given on the line.  If a guest-root is chosen for the user, the user's  home  directory
            in the <root-dir>/etc/passwd file is used to determine the initial directory and their home directory
            in the system-wide /etc/passwd is not used.

            <uid-range> specifies numeric UID values.  Ranges are specified by giving the lower and upper  bounds
            (inclusive),  separated by a dash.  Omitting the lower bound means "all up to", and omitted the upper
            bound means "all starting from".

            For example:
                guest-root /home/users
                guest-root /home/staff %100-999 sally
                guest-root /home/users/frank/ftp frank
            causes all guest users to chroot() to /home/users then starts each user in their home directory spec-
            ified in /home/users/etc/passwd.  Users in the range 100 through 999, inclusive, and user sally, will
            be chroot()'d to /home/staff and the CWD will be taken from their entries in  /home/staff/etc/passwd.
            The  single user frank will be chroot()'d to /home/users/owner/ftp and the CWD will be from his entry
            in /home/users/owner/ftp/etc/passwd.

            Note that order is important for both anonymous-root and guest-root.  If a user would match  multiple
            clauses,  only  the  first  applies;  with  the exception of the clause which has no <class> or <uid-
            range>, which applies only if no other clause matches.


Regards,
jnbkze
0
 
LVL 1

Author Comment

by:greebo
ID: 6450643
thanks jnbkze,

though I managed to sort it out by adding
<VirtualHost [IP_Address]>
DefaultRoot ~
</VirtualHost>
to the proftpd.conf file b4 I got your answer.

thanks anyway
greebo
0

Featured Post

TCP/IP Network Protocol Cheat Sheet

TCP/IP is a set of network protocols which is best known for connecting the machines that make up the Internet. The truth is that TCP/IP is one of the oldest network protocols and its survival is mainly based on its simplicity and universality.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

rdate is a Linux command and the network time protocol for immediate date and time setup from another machine. The clocks are synchronized by entering rdate with the -s switch (command without switch just checks the time but does not set anything). …
Setting up Secure Ubuntu server on VMware 1.      Insert the Ubuntu Server distribution CD or attach the ISO of the CD which is in the “Datastore”. Note that it is important to install the x64 edition on servers, not the X86 editions. 2.      Power on th…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
Suggested Courses
Course of the Month8 days, 18 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question