How to give user access to WU-FTP without giving access to rest of file system

Posted on 2004-11-06
Last Modified: 2008-01-09
We have a user who we want to give read/write access to a directory we host via WU-FTP.  We setup WU-FTP, set the users home directory to the ftp directory, gave the user read/write access and anonymous read only access.  The problem is the user can traverse the filesystem.  Is there a way to stop this while still giving the user read/write to the FTP server?

Server is Red Hat Ent 3.0, WU-FTP2.6.2-12

Question by:rbowen00
    LVL 38

    Accepted Solution


       You need to use guset-ftp (not anonymous ftp) model in wu-ftp.
    Check the following URL:

    LVL 2

    Assisted Solution

    You want to chroot your users in their own directory (ie block them to get outside it):

    in /etc/passwd, check concerned user line:
    user1:*:403:400:Description of User1:/home/ftp/user1/:/etc/ftponly

    change it to:
    user1:*:403:400:Description of User1:/home/ftp/user1/./:/etc/ftponly
    (Notice the /. added at end of user directory)

    This will ensure that the user is staying inside his own space.

    Hope this helps.

    Author Comment


      I couldn't get the solution you provided to work. I tried both a /. and a ./ at the end of the user directory.  The account can still traverse directories.  I'm running a standard install, could it be something that needs to be changed?


    LVL 38

    Expert Comment

    Hi rbowen00,

       Please read the following URL carefully:

       It's not just do what deurk's suggestion. You need to do more than that.

    LVL 2

    Expert Comment

    You could also give a try at pure-ftpd which is easier to administer and maintain (allowing that kind of configuration really easily)

    Featured Post

    Why You Should Analyze Threat Actor TTPs

    After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

    Join & Write a Comment

    Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
    BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (, affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    23 Experts available now in Live!

    Get 1:1 Help Now