Solved

Stopping FTP accounts from cd'ing out of their home directory

Posted on 2001-09-03
Last Modified: 2013-12-16
I have a Debian Linux webserver with several client websites. Each client has an FTP account with their home directory set to /usr/local/apache/htdocs/client/<client_directory> and a default shell of /bin/ftponly.

How can I stop these clients from being able to 'cd ..' out of their home directory and right up to /?

I don't want any clients to be able to cd ../<another_client_directory> through FTP, but I need to keep read access open to anyone for webserving purposes.

I am using ProFTPD 1.2.0.

Any help much appreciated.
Question by:greebo

Accepted Solution

by:
jnbkze earned 400 total points
ID: 6450610
Hi Greebo,

Taken from the ftpaccess man page is the following. I think it should be enough information as to how to set this up.

 guest-root <root-dir> [<uid-range>]

            <root-dir>  specified  the  chroot()  path  for guest users.  If no guest-root is matched, the old
            method of parsing the user's home directory is used.  If no <uid-range> is  specified,  this  is  the
            root  directory  for  guest  users who do not match any other guest-root specification.  Multiple uid
            ranges may be given on the line.  If a guest-root is chosen for the user, the user's  home  directory
            in the <root-dir>/etc/passwd file is used to determine the initial directory and their home directory
            in the system-wide /etc/passwd is not used.

            <uid-range> specifies numeric UID values.  Ranges are specified by giving the lower and upper  bounds
            (inclusive),  separated by a dash.  Omitting the lower bound means "all up to", and omitted the upper
            bound means "all starting from".

            For example:
                guest-root /home/users
                guest-root /home/staff %100-999 sally
                guest-root /home/users/frank/ftp frank
            causes all guest users to chroot() to /home/users then starts each user in their home directory spec-
            ified in /home/users/etc/passwd.  Users in the range 100 through 999, inclusive, and user sally, will
            be chroot()'d to /home/staff and the CWD will be taken from their entries in  /home/staff/etc/passwd.
            The  single user frank will be chroot()'d to /home/users/owner/ftp and the CWD will be from his entry
            in /home/users/owner/ftp/etc/passwd.

            Note that order is important for both anonymous-root and guest-root.  If a user would match  multiple
            clauses,  only  the  first  applies;  with  the exception of the clause which has no <class> or <uid-
            range>, which applies only if no other clause matches.


Regards,
jnbkze

Author Comment

by:greebo
ID: 6450643
Thanks jnbkze,

though I managed to sort it out by adding
<VirtualHost [IP_Address]>
DefaultRoot ~
</VirtualHost>
to the proftpd.conf file before I got your answer.

Thanks anyway
greebo
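
An added example, not part of the original thread and not ProFTPD's own code: a small Python check that reads a proftpd.conf and reports, for the main server and each <VirtualHost>, whether a DefaultRoot applies to it. The sample config and its 192.0.2.x addresses are constructed; the check assumes that a DefaultRoot in the main server config does not carry into <VirtualHost> blocks while one inside <Global> does, and it treats <IfModule>/<IfDefine> sections as enabled.

```python
import re

# Constructed sample proftpd.conf (not from the thread); 192.0.2.x = doc addresses.
SAMPLE_CONF = """\
ServerName "web01"
DefaultRoot ~
<VirtualHost 192.0.2.10>
  DefaultRoot ~
</VirtualHost>
<VirtualHost 192.0.2.11>
  Port 2121
</VirtualHost>
<VirtualHost 192.0.2.12>
  DefaultRoot ~ !staff
</VirtualHost>
"""

def audit_default_root(conf_text):
    """Map each server context to 'jailed', 'conditional' or 'missing'."""
    roots = {"server config": []}   # context -> DefaultRoot argument lists
    global_roots, stack = [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tag = re.match(r"<(/?)(\w+)\s*([^>]*)>", line)
        if tag:
            closing, name, arg = tag.groups()
            if name.lower().startswith("if"):
                continue            # <IfModule>/<IfDefine>: assumed enabled
            if closing:
                del stack[-1:]
            else:
                stack.append((name.lower(), f"{name} {arg}".strip()))
                if len(stack) == 1 and name.lower() == "virtualhost":
                    roots.setdefault(stack[0][1], [])
            continue
        words = line.split()
        if words[0].lower() == "defaultroot" and len(stack) <= 1:
            kind, ctx = stack[0] if stack else ("server", "server config")
            if kind == "global":
                global_roots.append(words[1:])  # <Global> reaches every server
            elif ctx in roots:
                roots[ctx].append(words[1:])
    def status(rules):
        if not rules:
            return "missing"        # users can cd above their home directory
        # a rule with a group-expression (e.g. "~ !staff") exempts some users
        return "jailed" if any(len(r) == 1 for r in rules) else "conditional"
    return {ctx: status(own + global_roots) for ctx, own in roots.items()}
```

Calling audit_default_root(SAMPLE_CONF) returns a status per context; any context reported as "missing" or "conditional" is one where some FTP users are not confined to their home directory.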