• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 9472
  • Last Modified:

creating read-only ftp user

Hi I am running Solaris.  

I just wanted to know if there is a way to create a read-only user account that allows the user to ftp files out.  

Thanks in advance :)
0
Trigger_Hippie
Asked:
Trigger_Hippie
  • 4
  • 2
2 Solutions
 
gripeCommented:
Hi Trigger_Hippie,

Yes, just change the permissions to read-only for the directory (and subdirectories) that user has access to.


0
 
gripeCommented:
chmod -R 440 /where/your/ftpusers/home/directory/is

Will change all permissions under /where/your/ftpusers/home/directory/is to user=read, group=read, other=none

Be careful with the -R option.. it's recursive (IE: it changes the directory you specify and ALL subdirectories and files to the same permissions)
0
 
gripeCommented:
ack i'm sorry.. i mistyped.. you'll need to give the user execute access to the directories so that he/she can change directory to them.

chmod 550 on the directory rather than 440 (440 on the files)
0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 
Trigger_HippieAuthor Commented:
I'm a bit of a newbie at this so bare with me...

"Yes, just change the permissions to read-only for the directory (and subdirectories) that user has access to."

how do you specify what directories a user/group can access?
0
 
Trigger_HippieAuthor Commented:
I'm a bit of a newbie at this so bare with me...

"Yes, just change the permissions to read-only for the directory (and subdirectories) that user has access to."

how do you specify what directories a user/group can access?

Would i have to chmod o= /directory/ to all directories I don't want the user/group to access?  Or is there a way I can just specify this user/group can only access /this/directory/ ?
0
 
gripeCommented:
It depends on what ftp daemon you're using. In some you can 'lock' (chroot) the user to a specific directory or set of subdirectories and manage permissions from there. In (most) others, they can navigate through the filesystem's parent directories because these directories have rx permissions for 'other' or 'all'.

However, generally the user will not be able to write to any directory/file/filesystem outside of his home directory (unless you specifically give him permission to or possibly in the /tmp filesystem/directory) so if you change the user's home directory and files to 'read only' they will only be able to read from there (and by default wherever else typical system users can read from)

If you want to lock the user to within a specific directory (IE: so that cd / returns them to their home directory), this is somewhat more complex and usually requires an ftpd that supports chrooting. To explain this I need to know what version of ftpd you're using.
0
 
gheistCommented:
Depends on how strong is your will ...

Each offers different degree and perceptions of safety
1) make user into separate group and make its home directory to belong to others , and not writable by "o" (chmod -R o-w ~ftpluser)
2) make a user account chroot into home dir, set up as (1) // not supported by default in.ftpd
3) use special read-only one-user ftp server // -"-
4) for maximum paranoia level limit rarely used commands, like EPSV FXP etc // ????
5) make sure you log every command to adjust other parameters and solve problems

So for maximum safety I suggest something like downloading pureftpd from sunfreeware or so
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now