Restrict permissions in Linux for a ftp user

I have a requirement as below on a server running SuSE Linux Enterprise 11 with /opdata as the directory containing reports that have to be accessed. It has multiple directories within it.

1. Create an ftp user account with access only to ftp and no other services, for which I created an account and mapped the home directory to /opdata. I need to restrict him now to only ftp onto the box.

2. The account should have read access to only the /opdata/report1 & /opstdata/report2 directories and nothing else.

Can you guide me in achieving this?

thanks
Peddu_bhanuAsked:
 
upanwarCommented:
As per my knowledge, without a chroot jail your user can visit other directories as well.
0
 
farzanjCommented:
There are multiple parts to this.

First, the account has to be created with no shell access, no home directory.

useradd -s /sbin/nologin -d /bin/false ftpuser


Permissions on the folders:

chown ftpuser /opdata/report1
chown ftpuser /opstdata/report2
chmod 500 /opdata/report1
chmod 500 /opstdata/report2


0
 
farzanjCommented:
One adjustment in the useradd above.
useradd -s /sbin/nologin -d /opdata ftpuser



So are /opdata and /opstdata two separate folders?
0

 
farzanjCommented:
I would also restrict this user with a chroot jail, but that is not possible with this directory structure. If I restrict him to /opdata, he would not be able to go to /opstdata, unless you put both folders under a third folder and then we can make a chroot jail for this user in that third folder. This way the user will not be able to see anything else in the system apart from what is in the /third_folder.

Do you want that?
0
 
Peddu_bhanuAuthor Commented:
Hi Experts,

I would like to rephrase the question as I now have more clarity on the issue.

There is an existing directory /xyz, which is an application directory and has many subdirectories under it with 775 or 755 permissions. Please note that all the subdirectories are world readable, and we don't know who needs read access to them and would be affected if we change the permissions to 750 or remove permissions for others.

So given this situation, we now have a need for a user to be created whose home directory should be /XYZ/home, and the user should not be able to access any other directory under /XYZ apart from /XYZ/home. I repeat, no other directory except for his home /XYZ/HOME.

NO chance for chroot jail
And I cannot tweak the permissions for other directories

Is it possible?

Thanks
0
 
farzanjCommented:
I agree with expert upanwar. It would be too difficult to restrict the system without a chroot jail. You will be doing ACLs, SELinux, other permissions to stop users and will have to encounter side effects too. A chroot jail is the easiest, most convenient and acceptable way.
0
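
An added check for the situation in the rephrased question (example code, not posted by anyone in this thread): it lists the subdirectories of an application root that still carry read and execute permission for "other", which is what any newly created account can browse when no chroot jail is in place. The function names and the sample tree are constructed for illustration, and only mode bits are inspected, not ACLs or SELinux labels.

```shell
#!/bin/sh
# Added example: which subdirectories of an application root can an account
# with no ownership or group membership ("other") still list and enter?

# world_browsable ROOT ALLOWED...
# Prints the name of every immediate subdirectory of ROOT that has both the
# "other" read and execute bits set and is not one of the ALLOWED names.
world_browsable() {
    root=$1
    shift
    # -perm -005: read and execute for "other" are both set
    find "$root" -mindepth 1 -maxdepth 1 -type d -perm -005 | sort |
    while IFS= read -r dir; do
        name=${dir##*/}
        skip=0
        for allowed in "$@"; do
            if [ "$name" = "$allowed" ]; then
                skip=1
            fi
        done
        if [ "$skip" -eq 0 ]; then
            printf '%s\n' "$name"
        fi
    done
    return 0
}

# build_sample_tree: constructed stand-in for the /XYZ layout in the question
# (several 755/775 subdirectories plus the user's home). Prints its path.
build_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir "$t/home" "$t/app1" "$t/app2" "$t/private"
    chmod 755 "$t/home" "$t/app1"
    chmod 775 "$t/app2"
    chmod 750 "$t/private"
    printf '%s\n' "$t"
}

tree=$(build_sample_tree)
# "home" is the only directory the new account is meant to reach.
world_browsable "$tree" home    # prints app1 and app2
rm -rf "$tree"
```

Every name it prints is a directory the restricted account could still read through ordinary permissions, so an empty result is the condition to aim for before relying on permissions alone.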
 
Peddu_bhanuAuthor Commented:
-
0
Question has a verified solution.
