Setting up restricted FTP access to user directories

Setting up restricted FTP access to user directories

Post by Doug Sis » Tue, 17 Dec 1996 04:00:00



This is how I ended up doing it.

1) Setup all WEB users in an ftp guest group (gid)
2) Use the following format for their passwd entry:
  <user>:<passwd>:<uid>:<gid>:<FullName>:/home/httpd/html/./<user>:/usr/bin/passwd
3) Add /usr/bin/passwd to /etc/shells
   (I don't allow shell access to the main web server, users can telnet
    in to change their passwords)
4) Place statically linked ls in a 'bin' dir of root of web server
   (In this case /home/httpd/html/bin)

5) Make sure their umask is set correctly on the ftpd command line.

The only disadvantage is that all users get to surf around the whole
directory structure.

I'd like to use the Troll Tech ftp daemon (it dosen't require the
external ls command) but it only has two classes of users, anonymous
and real.  I need real passwords and a chroot env.  If I ever get time
I'll try to patch it up to do this - Then we'll have an apache ftp.

A major drawback is the confusion caused by the difference between:


   - and -

hopefully they don't have write perms.)


Of course, you don't need the ls command, but users are operating blind.
And, if the are using NS Gold, they'll quickly find that they can't
delete files, make sub-dirs, etc. etc.

If you ever find a ftpd that has a built in ls, and has guest
capabilities (chroot), please let me know.

Doug
--
Doug Sisk                Internet Business Services


> How does one go about setting up the FTP access for users to deposit
> their pages?  I've been working with WU FTP daemon and can get most of
> it figured out.  However I'm looking for something that's a bit easier
> than haveing a hundered copies of  ls and other files like group and
> password out in individuals directories.  I'm sure that alot of ISP's
> have done this in the past and I"d like ot know if it's possible.  If
> anybody's got a URL or some documentation let me know at either of the
> following e-mail addresses:


>  - or -

> Thanks for the help.
> ==================================

> Buzz Clik, Inc.
> ==================================

 
 
 

Setting up restricted FTP access to user directories

Post by John Swaring » Wed, 18 Dec 1996 04:00:00


How does one go about setting up the FTP access for users to deposit
their pages?  I've been working with WU FTP daemon and can get most of
it figured out.  However I'm looking for something that's a bit easier
than haveing a hundered copies of  ls and other files like group and
password out in individuals directories.  I'm sure that alot of ISP's
have done this in the past and I"d like ot know if it's possible.  If
anybody's got a URL or some documentation let me know at either of the
following e-mail addresses:


 - or -

Thanks for the help.  
==================================

Buzz Clik, Inc.
==================================

 
 
 

1. Restricting ftp directory access on a per user basis

I have been having difficulty configuring restricted directory access on a per
user basis.  We cannot use an anonymous ftp setup because each user should only
be able to access particular files.  Therefore, I intended to assign individual
id's as guest ftp logins with "/bin/true" shells, and thought that restricting
them to their home directory structure would be fairly straightforward.    
However, these login id's are free to "cd" outside of their home directory; not
only are they allowed to "cd", but they can then get files outside of their root
structure.  
I've heard a few references to "sublogins" but I don't really know what these
are.  I've also heard someone recommend modifying the source for ftpd to add a
line chrooting to a user's directory, but after looking at the source code for
ftpd.c I'm afraid it's a little beyond my C programming skills.  What is the
easiest way to achieve this restriction on an individual user basis?  I am
getting desparate to solve this problem; any help would be appreciated.

My ftptest login entry in /etc/passwd looks like this:
ftptest:!:555:204:WUFTP Test User ID:/ftp/./ftptest:/bin/true

My ftpaccess file looks like this:
----------------------------------------------
class   all   real,guest,anonymous  *

limit   all   5   Any              /usr/local/etc/msgs/msg.toomany

loginfails 3

banner /usr/local/etc/msgs/msg.login

readme  README*    login
readme  README*    cwd=*

message /welcome.msg            login
message .message                cwd=*

compress        yes             local remote
tar             yes             local remote

log commands real anonymous guest
log transfers anonymous,real,guest inbound,outbound

shutdown /etc/shutmsg

passwd-check rfc822 enforce

path-filter anonymous,guest,real /ftp/pub/incoming ^[-A-Za-z0-9._]*$ ^[-._]

upload /ftp/pub/incoming upload yes root system 0600
--------------------------------------------------------------------------------
Thanks,
Susan Malisch

2. Boot loader configuration

3. Restricting User Access to Directories on FTP

4. How do I get KDE with VNC?

5. how do I restrict user's FTP access to certain directory only

6. mp3's

7. restrict user ftp access to certain directories

8. NIS on linux ????

9. Restricting user access to directories

10. ftp w/restricted directory access?

11. FTP server, how to restrict access to one specific directory

12. how do you restrict a user's access to just one directory?

13. restricting ftp directory access