by Robert Chalmer » Tue, 17 Oct 2000 04:00:00
Anyone doing this, or know how its done?
Thanks
Robert
by Bill Vermilli » Tue, 17 Oct 2000 04:00:00
Try man ftpd and look for the word 'chroot'.
--
by Robert Chalmer » Wed, 18 Oct 2000 08:27:41
> >How do VirtualHosting services restrict access to ftp only? The
> >users must still be in the password file right? But how does this
> >stop users from travessing the directory trees to other places on
> >the system?
> >Anyone doing this, or know how its done?
> It's done very carefully :-)
> Try man ftpd and look for the word 'chroot'.
4. If the user name appears in the file /etc/ftpchroot the ses-
sion's root will be changed to the user's login directory by
chroot(2) as for an ``anonymous'' or ``ftp'' account (see
next
item). However, the user must still supply a password.
This
feature is intended as a compromise between a fully
anonymous
account and a fully privileged account. The account should
also be set up as for an anonymous account.
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ????
Sounds like an unworkable solution to me.
Bob
by Bill Vermilli » Wed, 18 Oct 2000 04:00:00
>> Try man ftpd and look for the word 'chroot'.
>So you mean, that according to this - that EVERY user has their
>own directory tree set up like the anonymous ftp user! etc and bin
>directories, a mini password file etc!
That way you could just copy one file in to a directory and expand
the links. Anything that goes in their home directory could be
added to /usr/share/skel. I have an index.html along with the
dot.xxxx files to put in a generic holding html for their website
until they bring that up.
[woops - deleted the line where you said it was unworkable]Quote:>This
> feature is intended as a compromise between a fully
>anonymous
> account and a fully privileged account. The account should
> also be set up as for an anonymous account.
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ????
I guess it depends on how much you want to automate and how
far you want to restrict people.
--
by Robert Chalmer » Thu, 19 Oct 2000 04:00:00
When I find that, I wont even need /bin. The others dont matter as you say.
So the result is that the user is restricted to their own directory - and no
where else.
Now to find out how to add a user from the script, but NOT have it use the
users name as the direcrtory name. !!!
Thanks for pointing me in the right direction ,
cheers
Bob
> >So you mean, that according to this - that EVERY user has their
> >own directory tree set up like the anonymous ftp user! etc and bin
> >directories, a mini password file etc!
> You only need the password file is they need to see the names of
> other users. But since they are logged into their own directory they
> don't need those. You can then put whatever they need in their own
> bin and etc directories. As for the files they would need in their
> own bin or etc you could probably put them in one file with links to
> the names of the programs as in the /stand directory. . {gawd - I'm
> embarrased to say I forgot the name of the program which does this
> for the files in the /stand directory}
> That way you could just copy one file in to a directory and expand
> the links. Anything that goes in their home directory could be
> added to /usr/share/skel. I have an index.html along with the
> dot.xxxx files to put in a generic holding html for their website
> until they bring that up.
> >This
> > feature is intended as a compromise between a fully
> >anonymous
> > account and a fully privileged account. The account
should
> > also be set up as for an anonymous account.
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
????
> [woops - deleted the line where you said it was unworkable]
> I guess it depends on how much you want to automate and how
> far you want to restrict people.
> --
by Tim Kientzl » Thu, 19 Oct 2000 04:00:00
In essence, the FTP server temporarily hides the entire
disk except for a specific directory tree. This is
a very powerful security tool.
Also, remember that any request you make is actually
processed by the FTP server program; it is possible (at least
in theory) for the FTP server to simply pretend that
only certain directories exist.
- Tim
> How do VirtualHosting services restrict access to ftp only? The users must
> still be in the password file right? But how does this stop users from
> travessing the directory trees to other places on the system?
> Anyone doing this, or know how its done?
> Thanks
> Robert
1. Apache 1.3b2: Default Host and all virtual hosts serve only first virtual hosts pages?
Hello.
Have been running 1.2b8 for a intranet and decided to move upto 1.3b2. I
have several name based virtual hosts that have been working under
1.2b8. After compiling and installing 1.3b2 my virtual hosts do not
work. In fact what happens is that even though DocumentRoot and default
server name is different, eg: www.serverA.net pointing to /www/default,
Apache 1.3b2 will always take me to the first defined virtual host as if
it's locked to it no matter what virtual host I try to browse. What
gives? Please post and E-Mail.
In /etc/hosts for my machines IP address I have
A.B.C.D www.default.net www.virtA.net www.virtB.net
In ../conf/httpd.conf I have;
<VirtualHost www.virtA.net>
DocumentRoot /usr/local/www/virtA
ServerName www.virtA.net
ErrorLog logs/virtA.error.log
TransferLog logs/virtA.access.log
</VirtualHost>
<VirtualHost www.virtB.net>
DocumentRoot /usr/local/www/virtB
ServerName www.virtB.net
ErrorLog logs/virtB.error.log
TransferLog logs/virtB.access.log
</VirtualHost>
--
2. direct connection between PCs - help anyone?
3. Name Based Virtual Hosting - Unable to access Virtual domain from IE/Lynx
5. Virtual Servers: WWW, FTP, POP, SMTP, SSL capable (not simply Virtual Hosting)
7. Is there anyway of restricting TCP service to certain hosts only?
8. Apache upgrade - quick question
9. FrontPage virtual hosting, removal or reset of virtual host
10. : How to prevent one named virtual host from "seeing" another virtual hosts files ?
11. Mixing Apache Name Based Virtual Hosts and SSL Virtual Host
12. For Discussion: web virtual hosting vs mail virtual hosting
13. iptables config for NAT and restricted access to services from outside