Solved

FTP users - preventing access to other directories

Posted on 2004-10-06
Last Modified: 2013-12-04
I want to allow an external user to access my unix system (through ftp) and drop/read files from one particular directory. For example, the ftp user can go to directory /A/B/C and drop files to this directory or pick files from this directory.

The issue here is that after logging in using the ftp user id and password, this user can go to the root by doing a cd / and, once there, can access any files/directories that have the 666 (rw_rw_rw) permissions.

How can I prevent this ftp user from accessing/seeing any directory other than /A/B/C?

Thanks.
0
Question by:AreyannGurbaxani
10 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 50 total points
ID: 12244806
You need to set up a chroot environment for the FTP server that locks the user into /A when the FTP session starts. Within that session a user can 'cd' to any directory below /A (e.g. /A/B, or /A/C/D), but will not be able to change to any directory outside of /A. Effectively the root directory becomes the directory of the chroot environment.

How this is done depends on what FTP server your Unix system runs. The standard FTP server found on many Unix systems is a direct descendant of the original BSD server and it can be quite a bit of work to set up a chroot FTP server. FTP servers of later genre (NcFTPd, ProFTP, vsftpd, etc) make this quite easy.

0
 
LVL 14

Assisted Solution

by:chris_calabrese
chris_calabrese earned 50 total points
ID: 12250502
The ftpd man page on your system probably tells how to set this up.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 12253481
What Unix flavour are you running and which FTP server are you running?

0
 
LVL 61

Assisted Solution

by:gheist
gheist earned 50 total points
ID: 12256226
This option is called "chroot user to home directory" on most ftp servers
If your system ftp server does not support that, you can use PureFTPd or ProFTPd to accomplish what you need.
0
 
LVL 2

Assisted Solution

by:Troxalias
Troxalias earned 50 total points
ID: 12284377
It depends on the ftp server you are using, but maybe this will do the trick:
Suppose that user's home directory is /A/B . Edit /etc/passwd and change user's home directory to /A/./B . Depending on your ftpd, when the user logs in he will see /A/B as the root directory...
0
 
LVL 13

Assisted Solution

by:Caseybea
Caseybea earned 50 total points
ID: 12405862
Sounds like you're running a pretty icky FTP server. I'd get rid of it... (who knows what OTHER security holes you have because of it?)

This is the most secure FTP server known today for Unix systems, and it's free. And the documentation as well as configuration file are clearly laid out.

http://vsftpd.beasts.org/

0
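The chroot confinement recommended in the answers above, worked through for vsftpd as an added example that is not part of the original thread: a shell check that reads a vsftpd.conf and reports whether a given local user would be locked into their home directory. The option names are vsftpd's own; the user names `extftp` and `admin`, the file names and both sample configs are constructed for illustration.

```shell
# Added example: would vsftpd chroot a given local user under this config?
# Option names are real vsftpd.conf settings; users and files are constructed.

# conf_get FILE OPTION DEFAULT -> last value assigned to OPTION, else DEFAULT
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    echo "${v:-$3}"
}

# jail_status CONF USER -> prints "jailed" or "not-jailed"
jail_status() {
    all=$(conf_get "$1" chroot_local_user NO)
    use_list=$(conf_get "$1" chroot_list_enable NO)
    list=$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)
    listed=NO
    if [ "$use_list" = YES ] && [ -f "$list" ] && grep -Fqx "$2" "$list"; then
        listed=YES
    fi
    # chroot_local_user=YES jails every local user and turns the list into
    # exemptions; with NO (the default) only the listed users are jailed.
    if [ "$all" = YES ]; then
        [ "$listed" = YES ] && echo not-jailed || echo jailed
    else
        [ "$listed" = YES ] && echo jailed || echo not-jailed
    fi
}

# make_samples DIR -> writes a default-like config and a confining one
make_samples() {
    printf 'local_enable=YES\nwrite_enable=YES\n' > "$1/weak.conf"
    cat > "$1/jailed.conf" <<EOF
anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=$1/exempt
EOF
    echo admin > "$1/exempt"
}

demo=$(mktemp -d)
make_samples "$demo"
for conf in weak jailed; do
    for user in extftp admin; do
        echo "$conf.conf $user: $(jail_status "$demo/$conf.conf" "$user")"
    done
done
rm -rf "$demo"
```

Recent vsftpd releases refuse a login when the top directory of the jail is writable by the user, so a drop directory such as /A/B/C is normally a writable subdirectory below a non-writable jail root.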
 
LVL 13

Expert Comment

by:Caseybea
ID: 15694018
I'd recommend an even split.
0


Question has a verified solution.
