Solved

FTP users - preventing access to other directories

Posted on 2004-10-06
10
239 Views
Last Modified: 2013-12-04
I want to allow an external user to access my unix system(through ftp) and drop/read files from one particular directory. for example the ftp user can go to directory /A/B/C and drop files to this directory or pick files from this directory.

The issue here that this after logging in using the ftp user id and password, this user can go to the root by doing a cd/ and once there, can access any files/directories that have the 666(rw_rw_rw) permissions.

How can I prevent this ftp user  from accessing/seeing any directory other than /A/B/C??

Thanks.
0
Comment
Question by:AreyannGurbaxani
10 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 50 total points
ID: 12244806
You need to set up a chroot enviornment for the FTP server that locks the user into /A when the FTP sesion starts. Within that session a user can 'cd' to any directory below /A (e.g. /A/B, or /A/C/D), but will not be able to change to any directory outside of /A. Effectively the root directory becomes the directory of the chroot environment.

How this is done depends on what FTP server your Unix system runs. The standard FTP server found on many Unix systems is a direct descendant of the original BSD server and it can be quite a bit of work to set up a chroot FTP server. FTP servers of later genre (NcFTPd, ProFTP, vsftpd, etc) make this quite easy.

0
 
LVL 14

Assisted Solution

by:chris_calabrese
chris_calabrese earned 50 total points
ID: 12250502
The ftpd man page on your system probably tells how to set this up.
0
 
LVL 48

Expert Comment

by:Tintin
ID: 12253481
What Unix flavour are you running and which FTP server are you running?

0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 
LVL 61

Assisted Solution

by:gheist
gheist earned 50 total points
ID: 12256226
This option is called "chroot user to home directory" on most ftp servers
If your system ftp server does not support that, you can use PureFTPd or ProFTPd to accomplish what you need.
0
 
LVL 2

Assisted Solution

by:Troxalias
Troxalias earned 50 total points
ID: 12284377
It  depends on the ftp server you are using but maybe this will do the trick:
Support that user's home directory is /A/B . Edit /etc/passwd and change user's home directory to /A/./B . Depending on your ftpd when the user logs in he will see /A/B as the root direcotry...
0
 
LVL 13

Assisted Solution

by:Caseybea
Caseybea earned 50 total points
ID: 12405862
Sounds like you're running a pretty icky FTP server.    I'd get rid of it........... (who know what OTHER security holes you have because of it?)

This is the most secure FTP server known today for Unix systems--  and it's free.   And the documentation as well as configuration file are clearly laid out.

http://vsftpd.beasts.org/

0
 
LVL 13

Expert Comment

by:Caseybea
ID: 15694018
I'd recommend an even split.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
Users of Windows 10 Professional can disable automatic reboots using the policy editor. This tool is not included in the Windows home edition. But don't worry! Follow the instructions below to install (a Win7) policy editor on your Windows 10 Home e…
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now