restricting ftp directory access

restricting ftp directory access

Post by Ulrich Hertle » Fri, 17 Oct 1997 04:00:00



Hi,

is it possible to give users ftp access to their home directory only, so that
they can't "cd" around the whole system?  The ftp man page mentions putting
a homedir like /home/people/./uhe in the passwd but that had no effect.

Please respond via E-mail.

Thanks,
-uli

--
Ulrich Hertlein                           |         "The trouble with having an
Dept. of Computer Sciences, TU Berlin     |       open mind is that people come

-------------------------------------------------------------------------------

 
 
 

restricting ftp directory access

Post by Brad McMaha » Fri, 17 Oct 1997 04:00:00


Oh ya,  You also have to have a staticly link version of ls in ~/bin so the can
see what's in the directories.

Brad


> Hi,

> is it possible to give users ftp access to their home directory only, so that
> they can't "cd" around the whole system?  The ftp man page mentions putting
> a homedir like /home/people/./uhe in the passwd but that had no effect.

> Please respond via E-mail.

> Thanks,
> -uli

> --
> Ulrich Hertlein                           |         "The trouble with having an
> Dept. of Computer Sciences, TU Berlin     |       open mind is that people come

> -------------------------------------------------------------------------------


 
 
 

restricting ftp directory access

Post by Brad McMaha » Fri, 17 Oct 1997 04:00:00


They also have to be part of the ftp guest group.  look in /etc/ftpaccess.

Brad


> Hi,

> is it possible to give users ftp access to their home directory only, so that
> they can't "cd" around the whole system?  The ftp man page mentions putting
> a homedir like /home/people/./uhe in the passwd but that had no effect.

> Please respond via E-mail.

> Thanks,
> -uli

> --
> Ulrich Hertlein                           |         "The trouble with having an
> Dept. of Computer Sciences, TU Berlin     |       open mind is that people come

> -------------------------------------------------------------------------------

 
 
 

1. Restricting ftp directory access on a per user basis

I have been having difficulty configuring restricted directory access on a per
user basis.  We cannot use an anonymous ftp setup because each user should only
be able to access particular files.  Therefore, I intended to assign individual
id's as guest ftp logins with "/bin/true" shells, and thought that restricting
them to their home directory structure would be fairly straightforward.    
However, these login id's are free to "cd" outside of their home directory; not
only are they allowed to "cd", but they can then get files outside of their root
structure.  
I've heard a few references to "sublogins" but I don't really know what these
are.  I've also heard someone recommend modifying the source for ftpd to add a
line chrooting to a user's directory, but after looking at the source code for
ftpd.c I'm afraid it's a little beyond my C programming skills.  What is the
easiest way to achieve this restriction on an individual user basis?  I am
getting desparate to solve this problem; any help would be appreciated.

My ftptest login entry in /etc/passwd looks like this:
ftptest:!:555:204:WUFTP Test User ID:/ftp/./ftptest:/bin/true

My ftpaccess file looks like this:
----------------------------------------------
class   all   real,guest,anonymous  *

limit   all   5   Any              /usr/local/etc/msgs/msg.toomany

loginfails 3

banner /usr/local/etc/msgs/msg.login

readme  README*    login
readme  README*    cwd=*

message /welcome.msg            login
message .message                cwd=*

compress        yes             local remote
tar             yes             local remote

log commands real anonymous guest
log transfers anonymous,real,guest inbound,outbound

shutdown /etc/shutmsg

passwd-check rfc822 enforce

path-filter anonymous,guest,real /ftp/pub/incoming ^[-A-Za-z0-9._]*$ ^[-._]

upload /ftp/pub/incoming upload yes root system 0600
--------------------------------------------------------------------------------
Thanks,
Susan Malisch

2. mount error: device busy

3. How rto restrict ftp directory access (linux)

4. IP reverse Addressing..Help on Virtual email domain config..anybody

5. ftp w/restricted directory access?

6. Thinking of switching to FreeBSD 2.2.2

7. FTP server, how to restrict access to one specific directory

8. Using tape-accelerator

9. Restricting User Access to Directories on FTP

10. how do I restrict user's FTP access to certain directory only

11. Setting up restricted FTP access to user directories

12. restrict user ftp access to certain directories

13. Restrict FTP access to single directory?