Solved

FTP users - preventing access to other directories

Posted on 2004-10-06
Last Modified: 2013-12-04
I want to allow an external user to access my Unix system (through FTP) and drop/read files from one particular directory. For example, the FTP user can go to directory /A/B/C and drop files to this directory or pick files from this directory.

The issue here is that after logging in using the FTP user ID and password, this user can go to the root by doing a cd / and once there, can access any files/directories that have the 666 (rw_rw_rw) permissions.

How can I prevent this FTP user from accessing/seeing any directory other than /A/B/C??

Thanks.
0
Question by:AreyannGurbaxani
10 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 50 total points
ID: 12244806
You need to set up a chroot environment for the FTP server that locks the user into /A when the FTP session starts. Within that session a user can 'cd' to any directory below /A (e.g. /A/B, or /A/C/D), but will not be able to change to any directory outside of /A. Effectively the root directory becomes the directory of the chroot environment.

How this is done depends on what FTP server your Unix system runs. The standard FTP server found on many Unix systems is a direct descendant of the original BSD server and it can be quite a bit of work to set up a chroot FTP server. FTP servers of later genre (NcFTPd, ProFTP, vsftpd, etc) make this quite easy.

0
 
LVL 14

Assisted Solution

by:chris_calabrese
chris_calabrese earned 50 total points
ID: 12250502
The ftpd man page on your system probably tells how to set this up.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 12253481
What Unix flavour are you running and which FTP server are you running?

0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 50 total points
ID: 12256226
This option is called "chroot user to home directory" on most FTP servers.
If your system FTP server does not support that, you can use PureFTPd or ProFTPd to accomplish what you need.
0
 
LVL 2

Assisted Solution

by:Troxalias
Troxalias earned 50 total points
ID: 12284377
It depends on the FTP server you are using, but maybe this will do the trick:
Suppose that user's home directory is /A/B. Edit /etc/passwd and change the user's home directory to /A/./B. Depending on your ftpd, when the user logs in he will see /A/B as the root directory...
0
 
LVL 13

Assisted Solution

by:Caseybea
Caseybea earned 50 total points
ID: 12405862
Sounds like you're running a pretty icky FTP server. I'd get rid of it... (who knows what OTHER security holes you have because of it?)

This is the most secure FTP server known today for Unix systems, and it's free. And the documentation as well as configuration file are clearly laid out.

http://vsftpd.beasts.org/

0
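An added example, not part of any post in this thread and not vsftpd's own code: a simplified model of how vsftpd's documented `chroot_local_user`, `chroot_list_enable` and `passwd_chroot_enable` options decide whether a local user is jailed, including the `/./` home-directory marker mentioned above. The function names, the sample configuration and the user names are constructed for illustration.

```python
import posixpath

# vsftpd's documented defaults: no local user is chrooted unless configured.
DEFAULTS = {"chroot_local_user": "NO", "chroot_list_enable": "NO",
            "passwd_chroot_enable": "NO"}

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONF = """\
# jail every local user except those named in the chroot list
local_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
passwd_chroot_enable=YES
"""

def parse_conf(text):
    """Parse vsftpd.conf text: strict 'option=value' lines, '#' starts a comment."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key] = value
    return conf

def enabled(conf, key):
    return conf.get(key, "NO").upper() == "YES"

def jail_for(conf, user, home, chroot_list=()):
    """Return the directory the user is locked into, or None if not jailed.

    `home` is the home field from /etc/passwd; `chroot_list` holds the user
    names read from chroot_list_file (passed in here so the check runs offline).
    """
    jail_all = enabled(conf, "chroot_local_user")
    listed = enabled(conf, "chroot_list_enable") and user in chroot_list
    # The list's meaning flips: with chroot_local_user=YES it names the
    # exceptions, with chroot_local_user=NO it names the jailed users.
    if jail_all == listed:
        return None
    # passwd_chroot_enable: "/./" in the home field marks where the jail ends.
    if enabled(conf, "passwd_chroot_enable") and "/./" in home:
        return posixpath.normpath(home.split("/./", 1)[0] or "/")
    return posixpath.normpath(home)

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    print(jail_for(conf, "ftpext", "/A/./B/C", chroot_list=["admin"]))
```

A `None` result for the external account means that account can still `cd /`, which is the situation described in the question.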
 
LVL 13

Expert Comment

by:Caseybea
ID: 15694018
I'd recommend an even split.
0


Question has a verified solution.