Solved

Limit ftp access to one root folder, Linux shared server.

Posted on 2009-05-16
7
1,196 Views
Last Modified: 2013-12-09
BACKGROUND
My business partner and myself are establishing a membership site where we will be giving/selling access to downloadable files.  These files must be stored in a "Download" folder in the root, behind public_html for security reasons.

The site is on my server and I need to give my partner ftp access in order to upload and manage the files in this one folder.

PROBLEM
My business partner is very new to working with servers and I don't want any changes being made to any other folder then just the Download folder I'm giving access to.

QUESTION
How do I limit my business partner's access to only ftp to the one root folder?

This is on a Linux shared server.
0
Comment
Question by:trishahdee
7 Comments
 
LVL 40

Expert Comment

by:omarfarid
ID: 24402950
make this dir his login dir, and if you are using vsftpd then look at this link

http://www.experts-exchange.com/OS/Linux/Q_23155804.html?cid=236#a20875109
0
 

Author Comment

by:trishahdee
ID: 24403055
I don't know what vsftpd  is.  Is this something I can do from cpanel or is there something in the root that I am looking for?  I am on LunarPages.com server, if that helps.
0
 
LVL 40

Expert Comment

by:omarfarid
ID: 24403602
vsftpd is "very secure ftp daemon" that comes with linux servers and very good as ftp server.
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:trishahdee
ID: 24403800
I talked to tech support at LunarPages and this is their reply:

        We use pure-ftpd for our FTP server.

        What you are wanting is not possible on our shared servers.

        You can set up an FTP user, but the folder that they can access will need to be below your
        /public_html folder.

So my next question is, is there a way to use .htaccess to limit my business partners ftp access from root folder Downloads to public_html?
0
 
LVL 28

Expert Comment

by:lesouef
ID: 24405312
.htaccess is used by apache, nothing to see with ftp server.
and you download folder should not be in the web server directory tree but outside that tree. and you should have a php script to stream the file to the client who want to download it, the only secure way, otherwise people can try to guess filenames at the root level and download everything they guess.
0
 
LVL 14

Expert Comment

by:Monis Monther
ID: 24406129
To jail users in there home dir in pure-ftpd

start the ftp service with -a and -A option

0
 

Accepted Solution

by:
trishahdee earned 0 total points
ID: 24513712
Sry it's taken me so long to get back to this.  Had hd pbms that are fixed now.  So here is what happened...  LunarPages tech support sent me the following information about setting up a symlink that worked.  Basically I created a folder in the public_html directory whose only purpose is to link back behind the public_html folder to where the Downloads folder is.  The ftp acct is set up to the symlink folder and it works perfect.  Here are the instructions:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

If you would like to setup an FTP account that loads to the 'Downloads' folder on your account behind your public_html folder, you would need to setup a symlink in the public_html folder on your account that links back to the 'Downloads' folder. To do this, you can simply create a plain-text file on your account and name it 'symlink.php', then add the following to the file:

=====
<?php
$target = '/home/acctname/Downloads';
$link = '/home/acctname/public_html/yourfoldername';

symlink($target, $link);
?>
=====

The "=====" should not be copied into the file; only the text between them. You would also need to replace 'acctname' with your account name and replace 'yourfoldername' in the above $link with the name of the folder (which will actually be a symlink linking back to the 'Downloads' folder) you wish to use in the public_html folder for this content.

Once you have uploaded the above content in file file named 'symlink.php' to the public_html folder on your account, you would need to run the file using the link http://yourdomain.com/symlink.php . This will create the link from '/public_html/yourfoldername' to the 'Downloads' folder. After the file has been successfully run, you can remove it from your account.

You would then need to setup the FTP account by going to cPanel > FTP Manager > FTP Accounts > then clicking 'Add FTP Account'. What you enter as the Directory should be the same as the 'yourfoldername' used in the above symlink creation PHP script.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Thank you to everyone who tried to help.
 
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over the past decade, as Internet security has become a chief concern of IT professionals, one of the most common questions administrators and users ask is, “Which is more secure, SFTP or FTPS?” In short, both file transfer protocols offer a high…
Outsource Your Fax Infrastructure to the Cloud (And come out looking like an IT Hero!) Relative to the many demands on today’s IT teams, spending capital, time and resources to maintain physical fax servers and infrastructure is not a high priority.
Internet Business Fax to Email Made Easy - With eFax Corporate (http://www.enterprise.efax.com), you'll receive a dedicated online fax number, which is used the same way as a typical analog fax number. You'll receive secure faxes in your email, fr…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, just open a new email message. In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question