Restricting ftp directory access on a per user basis

Post by Susan Malisc » Thu, 18 Apr 1996 04:00:00

I have been having difficulty configuring restricted directory access on a per
user basis.  We cannot use an anonymous ftp setup because each user should only
be able to access particular files.  Therefore, I intended to assign individual
id's as guest ftp logins with "/bin/true" shells, and thought that restricting
them to their home directory structure would be fairly straightforward.
However, these login id's are free to "cd" outside of their home directory; not
only are they allowed to "cd", but they can then get files outside of their root.
I've heard a few references to "sublogins" but I don't really know what these
are.  I've also heard someone recommend modifying the source for ftpd to add a
line chrooting to a user's directory, but after looking at the source code for
ftpd.c I'm afraid it's a little beyond my C programming skills.  What is the
easiest way to achieve this restriction on an individual user basis?  I am
getting desperate to solve this problem; any help would be appreciated.

My ftptest login entry in /etc/passwd looks like this:
ftptest:!:555:204:WUFTP Test User ID:/ftp/./ftptest:/bin/true

My ftpaccess file looks like this:
class   all   real,guest,anonymous  *

limit   all   5   Any              /usr/local/etc/msgs/msg.toomany

loginfails 3

banner /usr/local/etc/msgs/msg.login

readme  README*    login
readme  README*    cwd=*

message /welcome.msg            login
message .message                cwd=*

compress        yes             local remote
tar             yes             local remote

log commands real anonymous guest
log transfers anonymous,real,guest inbound,outbound

shutdown /etc/shutmsg

passwd-check rfc822 enforce

path-filter anonymous,guest,real /ftp/pub/incoming ^[-A-Za-z0-9._]*$ ^[-._]

upload /ftp/pub/incoming upload yes root system 0600

Susan Malisch
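
An added example, not part of the original post and not wu-ftpd code: a small audit that reports accounts whose home directory uses the "/./" chroot marker but whose group is not named on any "guestgroup" line in ftpaccess. wu-ftpd only chroots a login at the "/./" split when the user belongs to a listed guestgroup, and the ftpaccess above has no such line. The passwd entry and the (abridged) ftpaccess lines are from the post; the group file and the group name "ftpguest" are constructed, and treating either the primary gid or a listed member as group membership is an assumption.

```python
PASSWD = "ftptest:!:555:204:WUFTP Test User ID:/ftp/./ftptest:/bin/true\n"  # from the post
FTPACCESS = """\
class   all   real,guest,anonymous  *
loginfails 3
log commands real anonymous guest
"""  # abridged from the post; note there is no guestgroup line
GROUP = "ftpguest:!:204:\nstaff:!:1:\n"  # constructed; the post shows no /etc/group


def guest_groups(ftpaccess):
    """Group names listed on guestgroup lines of an ftpaccess file."""
    names = set()
    for line in ftpaccess.splitlines():
        fields = line.split()
        if fields and fields[0] == "guestgroup":  # comment lines never match
            names.update(fields[1:])
    return names


def parse_groups(group_text):
    """Map group name -> (gid, set of members) from /etc/group text."""
    groups = {}
    for line in group_text.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= 4:
            members = {m for m in parts[3].split(",") if m}
            groups[parts[0]] = (parts[2], members)
    return groups


def unchrooted_accounts(passwd, group_text, ftpaccess):
    """(user, intended chroot dir) for /./ homes that no guestgroup covers."""
    groups = parse_groups(group_text)
    covered = [groups[g] for g in guest_groups(ftpaccess) if g in groups]
    findings = []
    for line in passwd.splitlines():
        parts = line.split(":")
        if len(parts) < 7 or "/./" not in parts[5]:
            continue
        user, gid = parts[0], parts[3]
        # Assumption: primary gid or an explicit member entry both count.
        if not any(gid == g or user in members for g, members in covered):
            findings.append((user, parts[5].split("/./", 1)[0]))
    return findings


if __name__ == "__main__":
    for user, root in unchrooted_accounts(PASSWD, GROUP, FTPACCESS):
        print(f"{user}: home expects chroot to {root}, but no guestgroup covers it")
```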


1. restricting ftp on a per user basis

I just recently installed wuftp because I had heard of the security benefits that
this version provided.  However, instead of providing simple anonymous ftp
access, I need to be able to provide access to individual users that can "get"
and "put" files in their "home" directories only.  (I don't want users to be able
to access other users' files.)
I have followed the instructions as best as I can tell, but am having some
problems.  I created a separate filesystem /ftp which will house all the home
directories for these "ftp" restricted users.  The bin and etc directories exist
under /ftp.  I created a user called "ftptest" to test the setup.  This id can
login but cannot do an "ls" (Permission denied) or "get" a file (Says there is no
such file or directory - but that is probably because the id cannot see it).  
So far I cannot tell what I am overlooking in my setup.  Does anyone have a good
write-up, explanation, or any help in getting this straightened out?

Thanks very much,
Susan Malisch
