Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 244
  • Last Modified:

Stopping FTP accounts from cd'ing out of their home directory

I have a debian linux webserver with several client websites. Each client has an FTP account with their home directory set to /usr/local/apache/htdocs/client/<client_directory> and a default shell of /bin/ftponly.

How can I stop these clients from being able to 'cd ..' out of their home directory and right up to /?

I don't want any clients to be able to cd ../<another_client_directory> through FTP, but I need to keep read access open to anyone for webserving purposes

I am using ProFTPD 1.2.0.

Any help much appreciated.
0
greebo
Asked:
greebo
1 Solution
 
jnbkzeCommented:
Hi Greebo,

Taken from the ftpaccess man page is the following. I think it should be enough information as to how to set this up.

 guest-root <root-dir> [<uid-range>]

            <root-dir>  specified  the  chroot()  path  for guest users.  If no guest-root is is matched, the old
            method of parsing the user's home directory is used.  If no <uid-range> is  specified,  this  is  the
            root  directory  for  guest  users who do not match any other guest-root specification.  Multiple uid
            ranges may be given on the line.  If a guest-root is chosen for the user, the user's  home  directory
            in the <root-dir>/etc/passwd file is used to determine the initial directory and their home directory
            in the system-wide /etc/passwd is not used.

            <uid-range> specifies numeric UID values.  Ranges are specified by giving the lower and upper  bounds
            (inclusive),  separated by a dash.  Omitting the lower bound means "all up to", and omitted the upper
            bound means "all starting from".

            For example:
                guest-root /home/users
                guest-root /home/staff %100-999 sally
                guest-root /home/users/frank/ftp frank
            causes all guest users to chroot() to /home/users then starts each user in their home directory spec-
            ified in /home/users/etc/passwd.  Users in the range 100 through 999, inclusive, and user sally, will
            be chroot()'d to /home/staff and the CWD will be taken from their entries in  /home/staff/etc/passwd.
            The  single user frank will be chroot()'d to /home/users/owner/ftp and the CWD will be from his entry
            in /home/users/owner/ftp/etc/passwd.

            Note that order is important for both anonymous-root and guest-root.  If a user would match  multiple
            clauses,  only  the  first  applies;  with  the exception of the clause which has no <class> or <uid-
            range>, which applies only if no other clause matches.


Regards,
jnbkze
0
 
greeboAuthor Commented:
thanks jnbkze,

though I managed to sort it out by adding
<VirtualHost [IP_Address]>
DefaultRoot ~
</VirtualHost>
to the proftpd.conf file b4 I got your answer.

thanks anyway
greebo
0

Featured Post

Veeam and MySQL: How to Perform Backup & Recovery

MySQL and the MariaDB variant are among the most used databases in Linux environments, and many critical applications support their data on them. Watch this recorded webinar to find out how Veeam Backup & Replication allows you to get consistent backups of MySQL databases.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now