Question about restricting FTP

Question about restricting FTP

Post by webmaste » Mon, 13 Mar 2000 04:00:00



Hi -

I'm looking for HOW (Linux 6.1's versions) to restrict (i.e. set the
root directory)
for someone FTP'ing to thier account on my system so they can't "wander"
once they are
in.

I KNOW this can be done, but I'm not sure where to find a "How To.." for
setting
this up.

HELP!!!

Please email or post

Thanks in advance

cg


 
 
 

Question about restricting FTP

Post by David Cunningha » Tue, 14 Mar 2000 04:00:00


I was wondering the same thing recently.  It's amazing what the man pages
will tell you.  To begin with the Linux 6.1 FTP server solution is WU_FTP.
The man page is at "man ftpd" and the docs for this should be at
/usr/doc//wu-ftpd-version

In general there are a few things to change to get the desired behavior.
Let's say we want to restrict user access for user david to his home
directory (/home/david).  Then the following must be done:

1.  Copy all the ftp binaries into his home directory, "cp -a /home/ftp/*
/home/david"  (The -a preserves the permissions and does recursive copy.)
2.  Edit the /etc/ftpaccess file.  At the bottom of this file I have added
"guestuser" entries for each user that is not "anonymous".  Here's an
example:

guestuser    david
guestuser    chuck
guestuser    dhaight
...

3.  Edit the /etc/passwd file so that the home directory and "initial"
directory is specified.  The idea here is that the home directory is now the
ftp root and the initial directory is the directory the user will see when
first logging in.  Here's an example passwd entry for david.

david:x:500:500::/home/david/./pub:/bin/bash

Notice the /./ in between david and pub?  This is a seperator.  FTP root is
on the left side and initial directory is on the right side.  This means
that when user david logs in via FTP, he will automatically end up in
/home/david/pub.  But since /home/david is set as the FTP root, he won't be
able to cd up above /home/david.  In fact the contents of /home/david will
look like the root directory to the FTP user.  And of course /home/david/pub
will look like /pub to him.

4.  Okay.  Now that all the changes are done, go ahead and test it.  If you
have other customization concerns be sure to look at the resources I've
outlined above.  In many ways the docs included with an app are like
"how-tos".
--
<|>/\\/|<|>


> Hi -

> I'm looking for HOW (Linux 6.1's versions) to restrict (i.e. set the
> root directory)
> for someone FTP'ing to thier account on my system so they can't "wander"
> once they are
> in.

> I KNOW this can be done, but I'm not sure where to find a "How To.." for
> setting
> this up.

> HELP!!!

> Please email or post

> Thanks in advance

> cg




 
 
 

Question about restricting FTP

Post by Hudson Hallenbec » Tue, 14 Mar 2000 04:00:00



> Hi -

> I'm looking for HOW (Linux 6.1's versions) to restrict (i.e. set the
> root directory)
> for someone FTP'ing to thier account on my system so they can't "wander"
> once they are
> in.

> I KNOW this can be done, but I'm not sure where to find a "How To.." for
> setting
> this up.

> HELP!!!

> Please email or post

> Thanks in advance

> cg



The way I've done this is to add the line

restricted-uid    username

to the ftpaccess file in /etc This will restrict the user to their home
directory during ftp sessions. It doesn't keep them from telnetting in
though which depending on your situation may be annother concern