Ubuntu Webmin User Folder Limitation?

Using Webmin 1.530 in Ubuntu.
Is there a way to limit a new user to a specific folder on the Ubuntu server?
If I create a test user and set the folder to like /home/testuser they are able
to roam the whole server once they connect via sftp.
randyphillipsAsked:
Who is Participating?
 
wesly_chenCommented:
for sftp, you need to setup chroot for that user

Here is the detail how-to
http://www.dkpw.co.uk/wp/?p=3428
0
 
MerlinsmasterNetwork Engineer IICommented:
Randyphillips,

You really need to use Usermin instead!  Have read of the following....

Even though it is possible to create a user with access to only his own email, home directory and password, Webmin is not always the best way to provide this kind of single-user web interface. A superior program is Usermin, which was developed by the same author and shares much of the Webmin code and user interface. It is designed to give each Unix user access to only those things that he would be able to access at the command line, such as his email, home directory files and GNUPG configuration. Usermin runs most of its code with the permissions of the logged-in user, so there is far less chance of a user doing things that he is not supposed to, or even gaining root access. See chapter 47 (Usermin Configuration) for more details on how you can manage Usermin from within Webmin.

Q: What is Usermin?

A: Usermin is a web-based tool for standard UNIX system users. Usermin provides web-based email, spam filter configuration, and optional access to advanced user account features like mail forwarding, vacation auto-responding, PostgreSQL? and MySQL? databases, and a powerful Java File Manager applet.

With Usermin, you can allow your users to maintain their own account, including changing passwords, managing files in their home directory, and more. The key to Usermin's power, however, lies in its limitations. With Usermin, one does not have to think about whether the user has too many privileges. A Usermin user has only the privileges of the logged in user, and cannot override those privileges in the same way as Webmin and Virtualmin can. If you trust a user enough to give them an email account, you can trust them enough to give them a Usermin account.


Usermin Information

This is the direction that you need to go!  Webmin is too powerful!

Hope this helps you.

Michael
0
 
randyphillipsAuthor Commented:
I installed Usermin.
Guess I need to read up on that?  I can logon now but this is just a web server running Apache
and I need to setup users and want them to ONLY be able to FTP to their folder - nothing else.
There is no e-mail, etc., on this server.   Simple Apache with multiple domains that need specific
users logging into only their folder and nothing else for web data upload / mods.
Will check it out - ran out of time.
Thx
0
 
randyphillipsAuthor Commented:
This is most likely the best solution after doing further research and even after installing ProFTPD in Webmin it appears this still needs to be done?  No simple GUI way to restrict users in Webmin.  Thanks!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.