Stopping FTP accounts from cd'ing out of their home directory

I have a debian linux webserver with several client websites. Each client has an FTP account with their home directory set to /usr/local/apache/htdocs/client/<client_directory> and a default shell of /bin/ftponly.

How can I stop these clients from being able to 'cd ..' out of their home directory and right up to /?

I don't want any clients to be able to cd ../<another_client_directory> through FTP, but I need to keep read access open to anyone for webserving purposes

I am using ProFTPD 1.2.0.

Any help much appreciated.
LVL 1
greeboAsked:
Who is Participating?
 
jnbkzeConnect With a Mentor Commented:
Hi Greebo,

Taken from the ftpaccess man page is the following. I think it should be enough information as to how to set this up.

 guest-root <root-dir> [<uid-range>]

            <root-dir>  specified  the  chroot()  path  for guest users.  If no guest-root is is matched, the old
            method of parsing the user's home directory is used.  If no <uid-range> is  specified,  this  is  the
            root  directory  for  guest  users who do not match any other guest-root specification.  Multiple uid
            ranges may be given on the line.  If a guest-root is chosen for the user, the user's  home  directory
            in the <root-dir>/etc/passwd file is used to determine the initial directory and their home directory
            in the system-wide /etc/passwd is not used.

            <uid-range> specifies numeric UID values.  Ranges are specified by giving the lower and upper  bounds
            (inclusive),  separated by a dash.  Omitting the lower bound means "all up to", and omitted the upper
            bound means "all starting from".

            For example:
                guest-root /home/users
                guest-root /home/staff %100-999 sally
                guest-root /home/users/frank/ftp frank
            causes all guest users to chroot() to /home/users then starts each user in their home directory spec-
            ified in /home/users/etc/passwd.  Users in the range 100 through 999, inclusive, and user sally, will
            be chroot()'d to /home/staff and the CWD will be taken from their entries in  /home/staff/etc/passwd.
            The  single user frank will be chroot()'d to /home/users/owner/ftp and the CWD will be from his entry
            in /home/users/owner/ftp/etc/passwd.

            Note that order is important for both anonymous-root and guest-root.  If a user would match  multiple
            clauses,  only  the  first  applies;  with  the exception of the clause which has no <class> or <uid-
            range>, which applies only if no other clause matches.


Regards,
jnbkze
0
 
greeboAuthor Commented:
thanks jnbkze,

though I managed to sort it out by adding
<VirtualHost [IP_Address]>
DefaultRoot ~
</VirtualHost>
to the proftpd.conf file b4 I got your answer.

thanks anyway
greebo
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.