Solved

FTP users - preventing access to other directories

Posted on 2004-10-06
Last Modified: 2013-12-04
I want to allow an external user to access my unix system (through ftp) and drop/read files from one particular directory. For example, the ftp user can go to directory /A/B/C and drop files to this directory or pick files from this directory.

The issue here is that after logging in using the ftp user id and password, this user can go to the root by doing a cd / and once there, can access any files/directories that have the 666 (rw_rw_rw) permissions.

How can I prevent this ftp user from accessing/seeing any directory other than /A/B/C?

Thanks.
Question by:AreyannGurbaxani
10 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 50 total points
ID: 12244806
You need to set up a chroot environment for the FTP server that locks the user into /A when the FTP session starts. Within that session a user can 'cd' to any directory below /A (e.g. /A/B, or /A/C/D), but will not be able to change to any directory outside of /A. Effectively the root directory becomes the directory of the chroot environment.

How this is done depends on what FTP server your Unix system runs. The standard FTP server found on many Unix systems is a direct descendant of the original BSD server and it can be quite a bit of work to set up a chroot FTP server. FTP servers of later genre (NcFTPd, ProFTP, vsftpd, etc) make this quite easy.

0
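An added illustration of the chroot behaviour described in the accepted answer; it is not code from any poster or from any FTP server. It is a lexical model only: the function names and the list of CWD arguments are constructed for the example, and the jail directory /A is the one used in the answer.

```python
import posixpath


def resolve(arg, cwd="/", jail=None):
    """Map one CWD argument to (client-visible path, real server path).

    jail=None models the unconfined session from the question;
    jail="/A" models a session whose process has done chroot("/A").
    """
    # Relative arguments are resolved against the session's current
    # directory; an absolute argument replaces it.
    virtual = posixpath.normpath(posixpath.join(cwd, arg))
    # normpath drops ".." components at "/", the same clamping the kernel
    # applies at a root directory. It may keep a leading "//", so force one.
    virtual = "/" + virtual.lstrip("/")
    if jail is None:
        return virtual, virtual
    # Inside the jail the client's "/" is the jail directory itself.
    return virtual, posixpath.normpath(jail.rstrip("/") + virtual)


def simulate(args, start="/", jail=None):
    """Replay a list of CWD arguments; return the real directory after each."""
    cwd, visited = start, []
    for arg in args:
        cwd, real = resolve(arg, cwd, jail)
        visited.append(real)
    return visited


def inside(real, top):
    """True if real is top itself or a descendant of top."""
    return real == top or real.startswith(top.rstrip("/") + "/")


# Constructed CWD arguments a client might send after logging in.
ATTEMPTS = ["/", "../../etc", "/A/B/C", "..//..//.."]

if __name__ == "__main__":
    # Unconfined: the session starts in /A/B/C on the real filesystem.
    print("no chroot :", simulate(ATTEMPTS, start="/A/B/C"))
    # Chrooted to /A: the same directory is /B/C from the client's view.
    print("chroot /A :", simulate(ATTEMPTS, start="/B/C", jail="/A"))
```

In the chrooted run every real path stays under /A, including the attempt to reach /A/B/C by its old absolute name, which now lands in /A/A/B/C.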
 
LVL 14

Assisted Solution

by:chris_calabrese
chris_calabrese earned 50 total points
ID: 12250502
The ftpd man page on your system probably tells how to set this up.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 12253481
What Unix flavour are you running and which FTP server are you running?

0
 
LVL 62

Assisted Solution

by:gheist
gheist earned 50 total points
ID: 12256226
This option is called "chroot user to home directory" on most ftp servers.
If your system ftp server does not support that, you can use PureFTPd or ProFTPd to accomplish what you need.
0
 
LVL 2

Assisted Solution

by:Troxalias
Troxalias earned 50 total points
ID: 12284377
It depends on the ftp server you are using but maybe this will do the trick:
Suppose that user's home directory is /A/B. Edit /etc/passwd and change user's home directory to /A/./B. Depending on your ftpd when the user logs in he will see /A/B as the root directory...
0
 
LVL 13

Assisted Solution

by:Caseybea
Caseybea earned 50 total points
ID: 12405862
Sounds like you're running a pretty icky FTP server. I'd get rid of it... (who knows what OTHER security holes you have because of it?)

This is the most secure FTP server known today for Unix systems, and it's free. And the documentation as well as configuration file are clearly laid out.

http://vsftpd.beasts.org/

0
 
LVL 13

Expert Comment

by:Caseybea
ID: 15694018
I'd recommend an even split.
0
