Stop FTP users from browsing computer.

Stop FTP users from browsing computer.

Post by jim walsk » Tue, 11 May 1999 04:00:00



OS - Redhat linux 5.2 -

Is there a simple way to stop a user that is logged in through FTP from
browsing around the directories.  I would like to keep them contained in
their own home directory.  Right now when i log in as a user i can change
directory all over the computer.

Thanks, Jim

 
 
 

Stop FTP users from browsing computer.

Post by TS Stah » Wed, 12 May 1999 04:00:00


Whatever rights you grant a user will be in effect.  Restrict them to the
anonymous user, and the default setup will contain them in the ftp tree.


> OS - Redhat linux 5.2 -

> Is there a simple way to stop a user that is logged in through FTP from
> browsing around the directories.  I would like to keep them contained in
> their own home directory.  Right now when i log in as a user i can change
> directory all over the computer.

Scott Stahl
MIS Asst.
Illinois Housing Development Authority

 
 
 

Stop FTP users from browsing computer.

Post by Johannes Kremsne » Thu, 13 May 1999 04:00:00



> Whatever rights you grant a user will be in effect.  Restrict them to the
> anonymous user, and the default setup will contain them in the ftp tree.


> > OS - Redhat linux 5.2 -

> > Is there a simple way to stop a user that is logged in through FTP from
> > browsing around the directories.  I would like to keep them contained in
> > their own home directory.  Right now when i log in as a user i can change
> > directory all over the computer.

> Scott Stahl
> MIS Asst.
> Illinois Housing Development Authority

try a ftp-serverprogram with a user-db like proftpd. there you
can configure users a way that they can only see the contains of
a given directory and subs ( ie. the home-dir of a system user ).

sers,
johannes

--

University of Art and industrial Design
Center for Informatics Services (ZID) Mr. Ing. Johannes Kremsner
Hauptplatz 8, 4020 Linz Austria
Europe - Earth - 1432para. Universe
Tel. +43-(0)732-7898-262 * Fax +43-(0)732-783508

****************************************************************
for EU citizens only:
have a look at http://www.politik-digital.de/spam/

 
 
 

Stop FTP users from browsing computer.

Post by Matt Kresse » Mon, 17 May 1999 04:00:00


Look into the command "chroot" which will prevent FTP users from seeing
anything else.  There is a FAQ on this somehwere.  Just search the net
for "chroot ftp"

-Matt


> OS - Redhat linux 5.2 -

> Is there a simple way to stop a user that is logged in through FTP from
> browsing around the directories.  I would like to keep them contained in
> their own home directory.  Right now when i log in as a user i can change
> directory all over the computer.

> Thanks, Jim

--

"And you run, and you run to catch up with the Sun, but its
 sinking.  Racing around to come up behind you again." -PF
 
 
 

Stop FTP users from browsing computer.

Post by Duncan Simps » Thu, 20 May 1999 04:00:00



Quote:>Look into the command "chroot" which will prevent FTP users from seeing
>anything else.  There is a FAQ on this somehwere.  Just search the net
>for "chroot ftp"

Even better consult wu-ftpds documentation about guest ftp
access. While you are about it make sure you have a *very* recent
version, without the realpath buffer overrun support included (root
exploit avialable). All vesion of RH 5.x and most other distibutions
are vulnerable unless you have installed their fixes (or got the latest
source, checked realpath.c is fixed, and replaced the binary).

I can confirm guest ftp access works as advertised and keeps those
users inside whatever playpen you decided was appropiate. (In
particular my playpen stops people from fetching /etc/inetd.conf and
therefore from knowledge of which ports offer real services instead
of connecting them to klaxon).

Duncan (-:
--
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."

 
 
 

1. Stopping FTP packets from certain users ?

comp.unix.admin and comp.admin.policy added for obvious reasons.


:Certain users at our site are abusing FTP. They have legitimate needs for it,
:but at the same time are downloading giga-bytes of GIF's and wasting our
:extremly small bandwidth. We don't mind a bit of playing around (we encourage
:it) but this is getting a bit much. We've had people with 8 simultaneous
:FTP sessions going at the same time. Does anyone have any suggestions here ?
:The solution would be to deny access completely, but then they could just copy
:it or re-build it. Could we slow down certain users FTP sessions by limiting
:bandwidth ? What can be done here ? Any comments would be helpful. Please
:E-Mail and I will summarise if anything useful comes up.

I dunno...  this isn't a technical issue as much as a policy issue.
If they abuse your computer services despite reasonable warnings, deny
them computer services and document (and tell the abusers) your
reasons why.  If they complain, tell their bosses or tell your boss to
tell their bosses.  Sure, it's not the nicest thing to do, but if
they're in violation of clearly-stated policy, treat them as such.  If
these people are downloading raytrace[1-56].gif and devouring your
bandwidth to have cool backgrounds on their PC or workstation and get
their accounts frozen as a consequence...  let 'em deal with it.  You
can draw the line and still be a "nice guy" -- be firm and fair.

Technical alternatives exist.  Get a low-cost PC, put some sort of
Unix on it, and tell them to put their fun and games there, and insure
its connection to your Internet is limited.  Various firewall
techniques could be employed as well.  But as I said above, this
really dones't strike me as a "technical" issue.  As part of your job,
you get a phone and (typically) unlimited usage.  If you make all
sorts of personal long-distance calls, or exceed some certain magic
dollar value, you get hammered.  Sure, one could micro-manage the
phones -- record conversations, etc.  But my experience is that
systems administrators typically have a lot better things to do.

--

 Ford Motor Company, OPEO      |  UUCP:      ...!fmsrl7!opeo!mjo
 20000 Rotunda, Bldg. 1-3001   |  Phone:     +1 (313) 248-1260
 Dearborn, MI  48121           |  Fax:       +1 (313) 323-6277

2. Getting Linux to use 2 different net addresses. Please help.

3. Debian setup probs

4. How Can I stop ftp users climbing to the root directory from the guest home directory ?

5. Vaio pcg-812

6. Allowing users to access my computer via ftp

7. /bsd: fxp0: device timeout

8. Q: Stop local users from logging in as Anon FTP ?

9. Getting FTP files from MSDOS computer to Linux Computer

10. stopping "cd .." ....list all our users directories, and STOPPING SPAM!!!

11. 25% of computer users have physically attacked their computer

12. How do i browse network computers