how to make FTP user not able to see higher directories

how to make FTP user not able to see higher directories

Post by Joe » Sun, 27 Jun 1999 04:00:00



Ive been trying to create a group account where these users cannot see the
directory structure above their home directory.  I've seen this work before,
yet I am not able to do this.  Any suggestions would be great.

Joe Raymundo

 
 
 

how to make FTP user not able to see higher directories

Post by Dav » Mon, 28 Jun 1999 04:00:00


man ftpd



> Ive been trying to create a group account where these users cannot see the
> directory structure above their home directory.  I've seen this work before,
> yet I am not able to do this.  Any suggestions would be great.

> Joe Raymundo


+---------------------+---------------+


+---------------------+---------------+

 
 
 

how to make FTP user not able to see higher directories

Post by AlexS » Mon, 28 Jun 1999 04:00:00



>man ftpd



>> Ive been trying to create a group account where these users cannot see
the
>> directory structure above their home directory.  I've seen this work
before,
>> yet I am not able to do this.  Any suggestions would be great.

ftpd provides method of chroot() for anonymous user only.
But I don't want make anonymous FTP for security reasons.

AlexSM
------------

 
 
 

how to make FTP user not able to see higher directories

Post by Dav » Mon, 28 Jun 1999 04:00:00


You might try one of the (more robust) ftpd alternatives, wuftpd, for
example.



> >man ftpd



> >> Ive been trying to create a group account where these users cannot see
> the
> >> directory structure above their home directory.  I've seen this work
> before,
> >> yet I am not able to do this.  Any suggestions would be great.

> ftpd provides method of chroot() for anonymous user only.
> But I don't want make anonymous FTP for security reasons.

> AlexSM
> ------------

+---------------------+---------------+


+---------------------+---------------+
 
 
 

1. How to create a user account that's su-able but not login-able?

I need to create a NON-ROOT user account -- let's call it diffuser --  on a
Solaris system that other users can su to, and that sets up the environment
for diffuser, but that can't be logged into directly.  Unfortunately, I can't
find a straightforward way to do this.  If I could get the behavior one gets
when CONSOLE is set to /dev/console in /etc/default/login, I would be very
happy, but it appears there is no comparable operation for user accounts.

As for other ways of accomplishing my goal, I'm familiar with the idea of
simply giving diffuser a .login that contains simply "logout", so that if
someone logs in to the account they will just get logged out right away.* But
unfortunately, that also means a person can't become diffuser by typing "su -
diffuser" or the su will end immediately.  And that means diffuser's
environment can't get set up easily.  At the very least, I would have to
train my users to cd to ~diffuser and source .cshrc.  I would like it to be
more transparent than that.

If there is a way, like an environment variable, to tell whether one is
becoming diffuser from a new login session or from an already-logged-in
session, I could provide a switch in .login to look for that and either log
the user out or proceed, depending on the value.  But "set" and "setenv"
don't reveal any such variable.

Any ideas?  Thanks!

*if you do this, don't forget to also put diffuser in /etc/ftpusers so people
can't ftp bogus things into the diffuser account.

2. Bind Ctrl-arrows under bash?

3. Guest ftp users are not located in their wu-ftp home directory

4. Linux router question

5. how to prevent ftp users (virtual hosts) from going up one directory/escaping their own directory)

6. A7V and onboard Sound with RedHat 7

7. How Can I stop ftp users climbing to the root directory from the guest home directory ?

8. eval problems

9. Multiple Password Protected FTP-able Web Directories (How to???)

10. conf.modules and alias not seen - making a 2 disk linux.

11. rm -r not able to remove empty directory

12. Being able to record the original login id of an anonymous FTP user.....

13. how to restrict the user not to use cd to higher level folders