?
Solved

How to give user access to WU-FTP without giving access to rest of file system

Posted on 2004-11-06
5
Medium Priority
?
793 Views
Last Modified: 2008-01-09
We have a user who we want to give read/write access to a directory we host via WU-FTP.  We setup WU-FTP, set the users home directory to the ftp directory, gave the user read/write access and anonymous read only access.  The problem is the user can traverse the filesystem.  Is there a way to stop this while still giving the user read/write to the FTP server?

Server is Red Hat Ent 3.0, WU-FTP2.6.2-12

Thanks,
Robert
0
Comment
Question by:rbowen00
  • 2
  • 2
5 Comments
 
LVL 38

Accepted Solution

by:
wesly_chen earned 1400 total points
ID: 12514301
Hi,

   You need to use guset-ftp (not anonymous ftp) model in wu-ftp.
Check the following URL:
http://www.wu-ftpd.org/HOWTO/guest.HOWTO

Wesly
0
 
LVL 2

Assisted Solution

by:deurk
deurk earned 600 total points
ID: 12516504
You want to chroot your users in their own directory (ie block them to get outside it):

in /etc/passwd, check concerned user line:
user1:*:403:400:Description of User1:/home/ftp/user1/:/etc/ftponly

change it to:
user1:*:403:400:Description of User1:/home/ftp/user1/./:/etc/ftponly
(Notice the /. added at end of user directory)

This will ensure that the user is staying inside his own space.

Hope this helps.
0
 

Author Comment

by:rbowen00
ID: 12519915
Duerk,

  I couldn't get the solution you provided to work. I tried both a /. and a ./ at the end of the user directory.  The account can still traverse directories.  I'm running a standard install, could it be something that needs to be changed?

Thanks,
Robert

0
 
LVL 38

Expert Comment

by:wesly_chen
ID: 12520801
Hi rbowen00,

   Please read the following URL carefully:
http://www.wu-ftpd.org/HOWTO/guest.HOWTO

   It's not just do what deurk's suggestion. You need to do more than that.

Wesly
0
 
LVL 2

Expert Comment

by:deurk
ID: 12532626
You could also give a try at pure-ftpd which is easier to administer and maintain (allowing that kind of configuration really easily)
0

Featured Post

A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
Integration Management Part 2
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question