Solved

Limit ftp access to one root folder, Linux shared server.

Posted on 2009-05-16
7
1,188 Views
Last Modified: 2013-12-09
BACKGROUND
My business partner and myself are establishing a membership site where we will be giving/selling access to downloadable files.  These files must be stored in a "Download" folder in the root, behind public_html for security reasons.

The site is on my server and I need to give my partner ftp access in order to upload and manage the files in this one folder.

PROBLEM
My business partner is very new to working with servers and I don't want any changes being made to any other folder then just the Download folder I'm giving access to.

QUESTION
How do I limit my business partner's access to only ftp to the one root folder?

This is on a Linux shared server.
0
Comment
Question by:trishahdee
7 Comments
 
LVL 40

Expert Comment

by:omarfarid
ID: 24402950
make this dir his login dir, and if you are using vsftpd then look at this link

http://www.experts-exchange.com/OS/Linux/Q_23155804.html?cid=236#a20875109
0
 

Author Comment

by:trishahdee
ID: 24403055
I don't know what vsftpd  is.  Is this something I can do from cpanel or is there something in the root that I am looking for?  I am on LunarPages.com server, if that helps.
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 24403602
vsftpd is "very secure ftp daemon" that comes with linux servers and very good as ftp server.
0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 

Author Comment

by:trishahdee
ID: 24403800
I talked to tech support at LunarPages and this is their reply:

        We use pure-ftpd for our FTP server.

        What you are wanting is not possible on our shared servers.

        You can set up an FTP user, but the folder that they can access will need to be below your
        /public_html folder.

So my next question is, is there a way to use .htaccess to limit my business partners ftp access from root folder Downloads to public_html?
0
 
LVL 28

Expert Comment

by:lesouef
ID: 24405312
.htaccess is used by apache, nothing to see with ftp server.
and you download folder should not be in the web server directory tree but outside that tree. and you should have a php script to stream the file to the client who want to download it, the only secure way, otherwise people can try to guess filenames at the root level and download everything they guess.
0
 
LVL 14

Expert Comment

by:small_student
ID: 24406129
To jail users in there home dir in pure-ftpd

start the ftp service with -a and -A option

0
 

Accepted Solution

by:
trishahdee earned 0 total points
ID: 24513712
Sry it's taken me so long to get back to this.  Had hd pbms that are fixed now.  So here is what happened...  LunarPages tech support sent me the following information about setting up a symlink that worked.  Basically I created a folder in the public_html directory whose only purpose is to link back behind the public_html folder to where the Downloads folder is.  The ftp acct is set up to the symlink folder and it works perfect.  Here are the instructions:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you would like to setup an FTP account that loads to the 'Downloads' folder on your account behind your public_html folder, you would need to setup a symlink in the public_html folder on your account that links back to the 'Downloads' folder. To do this, you can simply create a plain-text file on your account and name it 'symlink.php', then add the following to the file:

=====
<?php
$target = '/home/acctname/Downloads';
$link = '/home/acctname/public_html/yourfoldername';

symlink($target, $link);
?>
=====

The "=====" should not be copied into the file; only the text between them. You would also need to replace 'acctname' with your account name and replace 'yourfoldername' in the above $link with the name of the folder (which will actually be a symlink linking back to the 'Downloads' folder) you wish to use in the public_html folder for this content.

Once you have uploaded the above content in file file named 'symlink.php' to the public_html folder on your account, you would need to run the file using the link http://yourdomain.com/symlink.php . This will create the link from '/public_html/yourfoldername' to the 'Downloads' folder. After the file has been successfully run, you can remove it from your account.

You would then need to setup the FTP account by going to cPanel > FTP Manager > FTP Accounts > then clicking 'Add FTP Account'. What you enter as the Directory should be the same as the 'yourfoldername' used in the above symlink creation PHP script.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thank you to everyone who tried to help.
 
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now