We help IT Professionals succeed at work.

restricting FTP access

dougis
dougis asked
on
Medium Priority
387 Views
Last Modified: 2013-12-27
I need a hand restricting FTP access on a Solaris 8 box. We are runnign ftpd and have decided (for the first time) to allow a user to connect and gather data, the problem is I want them to be chrooted just like an anonymous user would so they can only access their own home directory.

I can't seem to find how to do this (I have read the man page for ftpd but is only addresses the ftp and anonymous users)
Help?
Comment
Watch Question

So is in Solaris but look at:
www.sunfreeware.com to
wuftpd-2.6.1-sol8
its wery goot ftpd.
Try it

Author

Commented:
Are you saying it can't be done using ftpd? I would rahter not have to completely change the system if it isn't needed. I have looked at both wu-ftpd and proftpd and both would work, I would just prefer to keep the system as is if I can do it that way.
This can not be done with the stock Solaris FTP.

WU-FTPD can do this, among other things, but has a poor track record on the security front (in fact, there's a buffer overflow that was discovered a few weeks ago for which patches are just now coming out.

If you're concerned about security, however, you probably don't want to use FTP in the first place since it transmits everything (data and passwords) in the clear over the network where anyone can sniff them.

Instead, you should consider using OpenSSH, which offers FTP-like functionality (along with rlogin, rsh and rcp functionality), but encrypts everything.

Commented:
The supplied ftp daemon is not equipped to perform such a thing. The designed intention is to provide access for users within the scope of the shell access, only for file transfers.

In order to provide secure/chrooted access, try open source products, such as proftpd which do what you want. Also, sometimes it is better to split read and write access up, i.e. provide upload to a common directory only (via tcpwrapped/anonymous ftp) and download through the web server, controlled by .htaccess.

K.

Explore More ContentExplore courses, solutions, and other research materials related to this topic.