Solved

Stopping FTP accounts from cd'ing out of their home directory

Posted on 2001-09-03
2
233 Views
Last Modified: 2013-12-16
I have a debian linux webserver with several client websites. Each client has an FTP account with their home directory set to /usr/local/apache/htdocs/client/<client_directory> and a default shell of /bin/ftponly.

How can I stop these clients from being able to 'cd ..' out of their home directory and right up to /?

I don't want any clients to be able to cd ../<another_client_directory> through FTP, but I need to keep read access open to anyone for webserving purposes

I am using ProFTPD 1.2.0.

Any help much appreciated.
0
Comment
Question by:greebo
2 Comments
 
LVL 3

Accepted Solution

by:
jnbkze earned 100 total points
ID: 6450610
Hi Greebo,

Taken from the ftpaccess man page is the following. I think it should be enough information as to how to set this up.

 guest-root <root-dir> [<uid-range>]

            <root-dir>  specified  the  chroot()  path  for guest users.  If no guest-root is is matched, the old
            method of parsing the user's home directory is used.  If no <uid-range> is  specified,  this  is  the
            root  directory  for  guest  users who do not match any other guest-root specification.  Multiple uid
            ranges may be given on the line.  If a guest-root is chosen for the user, the user's  home  directory
            in the <root-dir>/etc/passwd file is used to determine the initial directory and their home directory
            in the system-wide /etc/passwd is not used.

            <uid-range> specifies numeric UID values.  Ranges are specified by giving the lower and upper  bounds
            (inclusive),  separated by a dash.  Omitting the lower bound means "all up to", and omitted the upper
            bound means "all starting from".

            For example:
                guest-root /home/users
                guest-root /home/staff %100-999 sally
                guest-root /home/users/frank/ftp frank
            causes all guest users to chroot() to /home/users then starts each user in their home directory spec-
            ified in /home/users/etc/passwd.  Users in the range 100 through 999, inclusive, and user sally, will
            be chroot()'d to /home/staff and the CWD will be taken from their entries in  /home/staff/etc/passwd.
            The  single user frank will be chroot()'d to /home/users/owner/ftp and the CWD will be from his entry
            in /home/users/owner/ftp/etc/passwd.

            Note that order is important for both anonymous-root and guest-root.  If a user would match  multiple
            clauses,  only  the  first  applies;  with  the exception of the clause which has no <class> or <uid-
            range>, which applies only if no other clause matches.


Regards,
jnbkze
0
 
LVL 1

Author Comment

by:greebo
ID: 6450643
thanks jnbkze,

though I managed to sort it out by adding
<VirtualHost [IP_Address]>
DefaultRoot ~
</VirtualHost>
to the proftpd.conf file b4 I got your answer.

thanks anyway
greebo
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I am a long time windows user and for me it is normal to have spaces in directory and file names. Changing to Linux I found myself frustrated when I moved my windows data over to my new Linux computer. The problem occurs when at the command line.…
Fine Tune your automatic Updates for Ubuntu / Debian
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now