Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

FTP users - preventing access to other directories

Posted on 2004-10-06
10
Medium Priority
?
256 Views
Last Modified: 2013-12-04
I want to allow an external user to access my unix system(through ftp) and drop/read files from one particular directory. for example the ftp user can go to directory /A/B/C and drop files to this directory or pick files from this directory.

The issue here that this after logging in using the ftp user id and password, this user can go to the root by doing a cd/ and once there, can access any files/directories that have the 666(rw_rw_rw) permissions.

How can I prevent this ftp user  from accessing/seeing any directory other than /A/B/C??

Thanks.
0
Comment
Question by:AreyannGurbaxani
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
10 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 200 total points
ID: 12244806
You need to set up a chroot enviornment for the FTP server that locks the user into /A when the FTP sesion starts. Within that session a user can 'cd' to any directory below /A (e.g. /A/B, or /A/C/D), but will not be able to change to any directory outside of /A. Effectively the root directory becomes the directory of the chroot environment.

How this is done depends on what FTP server your Unix system runs. The standard FTP server found on many Unix systems is a direct descendant of the original BSD server and it can be quite a bit of work to set up a chroot FTP server. FTP servers of later genre (NcFTPd, ProFTP, vsftpd, etc) make this quite easy.

0
 
LVL 14

Assisted Solution

by:chris_calabrese
chris_calabrese earned 200 total points
ID: 12250502
The ftpd man page on your system probably tells how to set this up.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 12253481
What Unix flavour are you running and which FTP server are you running?

0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 62

Assisted Solution

by:gheist
gheist earned 200 total points
ID: 12256226
This option is called "chroot user to home directory" on most ftp servers
If your system ftp server does not support that, you can use PureFTPd or ProFTPd to accomplish what you need.
0
 
LVL 2

Assisted Solution

by:Troxalias
Troxalias earned 200 total points
ID: 12284377
It  depends on the ftp server you are using but maybe this will do the trick:
Support that user's home directory is /A/B . Edit /etc/passwd and change user's home directory to /A/./B . Depending on your ftpd when the user logs in he will see /A/B as the root direcotry...
0
 
LVL 13

Assisted Solution

by:Caseybea
Caseybea earned 200 total points
ID: 12405862
Sounds like you're running a pretty icky FTP server.    I'd get rid of it........... (who know what OTHER security holes you have because of it?)

This is the most secure FTP server known today for Unix systems--  and it's free.   And the documentation as well as configuration file are clearly laid out.

http://vsftpd.beasts.org/

0
 
LVL 13

Expert Comment

by:Caseybea
ID: 15694018
I'd recommend an even split.
0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
This tutorial will teach you the special effect of super speed similar to the fictional character Wally West aka "The Flash" After Shake : http://www.videocopilot.net/presets/after_shake/ All lightning effects with instructions : http://www.mediaf…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…
Suggested Courses

609 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question