ftp w/restricted directory access?

Post by Elizabeth Brindle » Thu, 17 Jun 1993 23:04:12



Greetings!

I see that the top level directory for an anonymously ftp-ed user is
the ftp user's home directory (so that what is actually "/u/ftp" looks
to the user like "/").  I'd like to implement this for other ftp-only
accounts, but can't figure out how they do that.  Any help would
be appreciated!

Thanks!

- Elizabeth "Feeling Clueless" Brindley

P.S. Ah... we're running AIX v3.2.3 on an IBM 320

 
 
 

Post by Vic Abe » Fri, 18 Jun 1993 05:37:25



>I see that the top level directory for an anonymously ftp-ed user is
>the ftp user's home directory (so that what is actually "/u/ftp" looks
>to the user like "/").  I'd like to implement this for other ftp-only
>accounts, but can't figure out how they do that.  Any help would
>be appreciated!

See the chroot() function of libc.a.

 
 
 

1. Restricting ftp directory access on a per user basis

I have been having difficulty configuring restricted directory access on a per
user basis.  We cannot use an anonymous ftp setup because each user should only
be able to access particular files.  Therefore, I intended to assign individual
id's as guest ftp logins with "/bin/true" shells, and thought that restricting
them to their home directory structure would be fairly straightforward.    
However, these login id's are free to "cd" outside of their home directory; not
only are they allowed to "cd", but they can then get files outside of their root
structure.  
I've heard a few references to "sublogins" but I don't really know what these
are.  I've also heard someone recommend modifying the source for ftpd to add a
line chrooting to a user's directory, but after looking at the source code for
ftpd.c I'm afraid it's a little beyond my C programming skills.  What is the
easiest way to achieve this restriction on an individual user basis?  I am
getting desperate to solve this problem; any help would be appreciated.

My ftptest login entry in /etc/passwd looks like this:
ftptest:!:555:204:WUFTP Test User ID:/ftp/./ftptest:/bin/true

My ftpaccess file looks like this:
----------------------------------------------
class   all   real,guest,anonymous  *

limit   all   5   Any              /usr/local/etc/msgs/msg.toomany

loginfails 3

banner /usr/local/etc/msgs/msg.login

readme  README*    login
readme  README*    cwd=*

message /welcome.msg            login
message .message                cwd=*

compress        yes             local remote
tar             yes             local remote

log commands real anonymous guest
log transfers anonymous,real,guest inbound,outbound

shutdown /etc/shutmsg

passwd-check rfc822 enforce

path-filter anonymous,guest,real /ftp/pub/incoming ^[-A-Za-z0-9._]*$ ^[-._]

upload /ftp/pub/incoming upload yes root system 0600
--------------------------------------------------------------------------------
Thanks,
Susan Malisch
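
The chroot() call suggested in the first thread, applied to a home field like the "/ftp/./ftptest" entry above, as an added example that is not code from either poster or from any ftpd source. It assumes the wu-ftpd guest convention that the part before "/./" is the chroot root and the part after it is the directory entered afterwards; the names split_guest_home and confine are hypothetical.

```c
#define _DEFAULT_SOURCE            /* exposes chroot() and setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Split "<root>/./<subdir>" into the chroot directory and the working
 * directory inside it. Returns 0, or -1 when the marker is missing, the
 * root would be "/" (no confinement), or a buffer is too small. */
int split_guest_home(const char *home, char *root, size_t rlen,
                     char *cwd, size_t clen)
{
    const char *mark = strstr(home, "/./");
    size_t n = mark ? (size_t)(mark - home) : 0;
    int w;

    if (mark == NULL || n == 0 || n >= rlen)
        return -1;
    memcpy(root, home, n);
    root[n] = '\0';
    w = snprintf(cwd, clen, "/%s", mark + 3);
    return (w < 0 || (size_t)w >= clen) ? -1 : 0;
}

/* Confine the calling process. Needs root, and must run before any
 * client-supplied path is opened. On -1 the caller must exit at once. */
int confine(const char *root, const char *cwd, uid_t uid, gid_t gid)
{
    /* chdir("/") ensures no working directory is left outside the new root */
    if (chroot(root) != 0 || chdir("/") != 0 || chdir(cwd) != 0)
        return -1;
    /* a process that stays root can undo the chroot, so drop it for good */
    if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
        return -1;
    return 0;
}

int main(void)
{
    char root[256], cwd[256];
    const char *home = "/ftp/./ftptest";   /* home field from the post above */

    if (split_guest_home(home, root, sizeof root, cwd, sizeof cwd) != 0)
        return 1;
    printf("chroot to %s, then chdir to %s\n", root, cwd);
    /* uid 555 and gid 204 are the values in the posted passwd entry */
    if (geteuid() == 0 && confine(root, cwd, 555, 204) != 0)
        perror("confine");
    return 0;
}
```

In wu-ftpd this split is applied only to accounts whose group is named in a guestgroup directive in ftpaccess, which the posted file does not contain.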
