How to restrict user's FTP home directory.

How to restrict user's FTP home directory.

Post by kpn » Sat, 17 Nov 2001 12:22:54



I want to restrict user from browsing the whole system when they use ftp.

I know wu-ftp can do it. How about Solaris 8 itself.

 
 
 

How to restrict user's FTP home directory.

Post by Igor Sobrad » Sat, 17 Nov 2001 17:16:25



Quote:> I know wu-ftp can do it. How about Solaris 8 itself.

Wu-ftp works with Solaris (if it is not included yet! pro-ftp comes
with Solaris). You can restrict users browsing ability using either
chroot(1M) or a restricted shell.

An example of restricted shell is bash with the option "-r". As an
option cannot be added to the user's shell in /etc/passwd you can
make a link to bash called rbash. It will work as a restricted shell
too and can be easily provided as a user's login shell. I believe
that you do not want users browsing system directories from their
normal accounts too.

Restricted shells have a lot of features (for example changes to the
environment are not allowed). You must remember to provide only a PATH
to some well-known commands (for example vi allows users to open
unrestricted shells). Take care with these commands that allows
users to execute arbitrary code.

I never tried it, but it should work as an ftp shell too (if it is
authorized for that use). In any case, the former alternative (chroot)
will work. It is used by the anonymous FTP servers and its behaviour
is just what you are looking for.

Cheers,
Igor.

--


 
 
 

How to restrict user's FTP home directory.

Post by Igor Sobrad » Sat, 17 Nov 2001 20:09:36




>> Wu-ftp works with Solaris (if it is not included yet! pro-ftp comes
>> with Solaris). You can restrict users browsing ability using either
>> chroot(1M) or a restricted shell.
> Bzzt.  Thank you for playing.  You've described how to restrict telnet
> or ssh accounts, not ftp access.

You will do a better job if you read previous posts before answering.
I noted that the best way to restrict an FTP account is using chroot(1M).
But I proposed another one that allows a full restriction. I believe that
the original poster was looking for a way to restrict users access to the
system and it includes more than simply limiting FTP retrieval ability.

Igor.

--

 
 
 

How to restrict user's FTP home directory.

Post by ken » Sun, 18 Nov 2001 02:10:41


Hi - the two worst ftp server are

        (1) Sun's
        (2) WU ftp

Use

        http://www.proftpd.net

ftp server instead.

It can be configured for just about any situation and uses
syntax similar to Apache.

-- Ken


> I want to restrict user from browsing the whole system when they use ftp.

> I know wu-ftp can do it. How about Solaris 8 itself.

 
 
 

How to restrict user's FTP home directory.

Post by Thomas Seyra » Sun, 18 Nov 2001 02:19:45



> > I want to restrict user from browsing the whole system when they use ftp.
> > I know wu-ftp can do it. How about Solaris 8 itself.
>  Hi - the two worst ftp server are
>    (1) Sun's
>    (2) WU ftp
>  Use
>    http://www.proftpd.net
>  ftp server instead.
>  It can be configured for just about any situation and uses
>  syntax similar to Apache.

  I agree about the two worst servers.

  However, I am not totally positive about ProFTPd. In fact, I would
  recommend vsftpd (VS stands for Very Secvure) when security is a
  matter of concern. Version 1.0 has just been released. You can get it
  at :

    ftp://ferret.lmh.ox.ac.uk/pub/linux/vsftpd-1.0.0.tar.gz

  This server does really chroot(), not only providing virtually
  chrooted users, but also making the server jailed. A great tool.

--
Thomas Seyrat.

 
 
 

How to restrict user's FTP home directory.

Post by Barry Margoli » Sun, 18 Nov 2001 03:58:42




Quote:>But I proposed another one that allows a full restriction. I believe that
>the original poster was looking for a way to restrict users access to the
>system and it includes more than simply limiting FTP retrieval ability.

The OP specifically said "when using ftp".  Nothing in his post suggested
that he needed to restrict them when logged in normally (I'll go on a limb
and presume that the intended users aren't given shell access at all, so
ftp is all they can do -- a common application like this is personal web
hosting services).

--

Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.

 
 
 

How to restrict user's FTP home directory.

Post by Igor Sobrad » Sun, 18 Nov 2001 22:53:08



Quote:> The OP specifically said "when using ftp".  Nothing in his post suggested
> that he needed to restrict them when logged in normally (I'll go on a limb
> and presume that the intended users aren't given shell access at all, so
> ftp is all they can do -- a common application like this is personal web
> hosting services).

As I noted in my first post, he can use chroot(1M) to restrict the
directories that can be search for.

--

 
 
 

1. restrict ftp user to home directory but view contents

Hi

I have an unusual problem, both on an SGI Irix 6.5.8 machine as well as
on RedHat Linux 6.2. Both these machines act as ftp servers, and on
these machines I would like to restrict users to their home directory
when they connect with ftp.

Under Irix, this can be done by putting the user name (from the password
list) in /etc/ftpusers followed by the word "restrict". They cannot move
out of their home directory but this also make it impossible for them to
see any files in their home directory.

Under linux, there is an /etc/ftpaccess file where presumably similar
restrictions can  be set up. Irix, by default has no /etc/ftpaccess file
so making one may not work for setting restrictions on users.

At the moment when I restrict the user to their home directory they
cannot see the files in it, and when I do not restrict them, they can
see home directory files but also move to other directories on the
serverand see the contents of those.

Whether it is a setting in /etc/ftpusers or /etc/ftpaccess, what I would
like to do is this:

1. Restrict the user to their home directory
2. Enable that user to get a full listing of the files in their home
directory only.

Can anyone tell me how to set this up?

Thanks

Hugo

2. chat script for CIS PPP connection

3. FTP restrict real user to home directory

4. LILO on a ramdisk

5. Restrict Ftp and Telnet Users to their home directory

6. can not get Red Hat 8 to recognize my pcmcia cards

7. HELP: can i restrict FTP to usesr's home directory?

8. New Mother Board

9. Restricting telnet access to user's home directory

10. how do I restrict user's FTP access to certain directory only

11. How Can I stop ftp users climbing to the root directory from the guest home directory ?

12. Guest ftp users are not located in their wu-ftp home directory

13. Script for creating a directory under user's home directory