• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 327
  • Last Modified:

Locking certain directories

I am running a website, where i would like to give people FTP access, when the user ftps in they start in

/home/%username%

if they wander to /var/www/html they can access all the html thats stored on the site. I dont want them to be able to access these folders, is there anything i can do??
0
Matthew Tandy
Asked:
Matthew Tandy
  • 2
  • 2
1 Solution
 
stefan73Commented:
Use chroot. There are plenty of nice step-by-step explanations on the web for this, just search for "chroot jail".

Here are some examples:
http://www.kegel.com/crosstool/current/doc/chroot-login-howto.html
http://www.geniusweb.com/LDP/HOWTO/Chroot-BIND8-HOWTO.html
0
 
Alf666Commented:
Just use an ftp server that makes all this right away for you : vsftpd.

http://vsftpd.beasts.org/

You can find RPMs for most distros.
0
 
Matthew TandyAuthor Commented:
Im sure ive done it before with just chmod though, however this time if i chmod the html folder or any others below to 700 it wont let the site work
0
 
Alf666Commented:
You can do that in chmod, but that will not secure your whole box. vsftpd is very easy to setup, and stands for "very secure ftp server".

It's been made exactly for what you need.

If you want to chmod, the reason why it won't work is that the user the html folder belongs to is different from the one the httpd is configured to use.

If you chmod 700, then, you should chown to whoever is the httpd user (then, 500 might be better, btw).

To find out, just do :

grep "^User" /etc/httpd/httpd.conf
(or wherever your apache config file is).

0
 
Matthew TandyAuthor Commented:
Got it working now, i made the group apache have access, and the user who is the web master, then chmoded it 750

Thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Azure 2017

Azure has a changed a lot since it was originally introduce by adding new services and features. Do you know everything you need to about Azure? This course will teach you about the Azure App Service, monitoring and application insights, DevOps, and Team Services.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now