Restricting FTP Access to Users to Home level and below

Post by Joseph Brennska » Tue, 31 Aug 1999 04:00:00



I am a Linux newbie and have a question.

I have set up and am running the wu-ftp V 2.4.2 server.  It works fine, but
I would like to be able to restrict users to directories at or BELOW their
home directory.  I know this can be done, but don't know how.

Can anyone help?

Joe

 
 
 

Post by I R A Darth Agg » Tue, 31 Aug 1999 04:00:00


On Mon, 30 Aug 1999 13:52:38 -0400, Joseph Brennskag


+ I have set up and am running the wu-ftp V 2.4.2 server.

Go get the security patches NOW, before someone owns your machine.

+ It works fine, but I would like to be able to restrict users to
+ directories at or BELOW their home directory.  I know this can be
+ done, but don't know how.

The same way you set up an anonymous ftp site: you'll have to chroot(1)
the user into a restricted space. One of the consequences of that
is that you'll have to provide each user with /lib/, /etc/, /usr/ and
enough tools to do useful things. And yes, because of the nature of
chroot(), you'll have to provide copies, not just symbolic links. What
is it that you're trying to do that you can not achieve with the
appropriate file/directory permissions?

If you wish to proceed, go to your local bookstore and take a gander
at O'Reilly's _Managing Internet Informations Systems_ (the otter
book?), they have a section on wu-ftpd, and setting it up for
anonymous use. The book itself is probably very dated, tho, and
I would not recommend a purchase, unless it is a 2nd (or better?)
edition. Hmmm...may not even be in print, as I can't find any reference
to it on www.ora.com...

You may find the AnonFTP FAQ useful, too.

James

--
Consulting Minister for Consultants, DNRC
The Bill of Rights is paid in Responsibilities - Jean McGuire
To cure your perl CGI problems, please look at:
<url:http://www.perl.com/CPAN/doc/FAQs/cgi/idiots-guide.html>

 
 
 

Post by Peter » Wed, 01 Sep 1999 04:00:00



> On Mon, 30 Aug 1999 13:52:38 -0400, Joseph Brennskag


> + It works fine, but I would like to be able to restrict users to
> + directories at or BELOW their home directory.
> If you wish to proceed, go to your local bookstore and take a gander
> at O'Reilly's _Managing Internet Informations Systems_ (the otter
> book?), they have a section on wu-ftpd, and setting it up for
> anonymous use.

Check the man pages for ftpd and ftpaccess before you bother with that. If
you're on Linux, I've got a * shell script that creates/converts
Unix user accounts so that this restriction applies.  See
http://www.veryComputer.com/~peterw/mkwebonly.sh.gz  and be sure you read the
script; there are some things you need to do, like create a "chrootftp"
group, modify the ftpaccess file, and, if you want to basically disable
interactive logins, look at /etc/shells.

-Peter

--
The Intel Pentium III chip: designed to deny your privacy
Boycott Intel. http://www.veryComputer.com/
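
A way to check the setup Peter outlines, as an added example that is not part of the thread or of his mkwebonly.sh script. It assumes wu-ftpd's `guestgroup` directive in ftpaccess and its `/./` marker in the passwd home field (both from the wu-ftpd ftpaccess documentation, not from this page), and that ftpd refuses users whose shell is not listed in /etc/shells. The sample accounts, the `/etc/ftponly` shell and all file contents are constructed.

```shell
#!/bin/sh
# Audit a wu-ftpd guest (chroot) setup from copies of the relevant files.
# Usage: audit_guests FTPACCESS GROUP SHELLS PASSWD
# Prints one line per guest user: "<user> OK" or "<user> FAIL <reasons>".
audit_guests() {
    awk -F: '
        FILENAME == ARGV[1] {              # ftpaccess: collect guestgroup names
            line = $0; sub(/^[ \t]+/, "", line)
            n = split(line, w, /[ \t]+/)
            if (w[1] == "guestgroup")
                for (i = 2; i <= n; i++) guest[w[i]] = 1
            next
        }
        FILENAME == ARGV[2] {              # group: name:passwd:gid:members
            if ($1 in guest) {
                gid[$3] = 1                # matches users by primary gid
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) member[m[i]] = 1
            }
            next
        }
        FILENAME == ARGV[3] {              # shells: one path per line
            if ($0 !~ /^[ \t]*(#|$)/) shell[$0] = 1
            next
        }
        ($1 in member) || ($4 in gid) {    # passwd: user:x:uid:gid:gecos:home:shell
            why = ""
            if (index($6, "/./") == 0) why = why " home-lacks-/./"
            if (!($7 in shell))        why = why " shell-not-in-shells"
            print $1, (why == "" ? "OK" : "FAIL" why)
        }
    ' "$1" "$2" "$3" "$4"
}
# Constructed sample files (not taken from the thread) for an offline run.
write_sample() {  # usage: write_sample DIR
    printf 'class all real,guest,anonymous *\nguestgroup chrootftp\n' > "$1/ftpaccess"
    printf 'users:x:100:\nchrootftp:x:500:carol\n' > "$1/group"
    printf '/bin/sh\n/bin/bash\n/etc/ftponly\n' > "$1/shells"
    cat > "$1/passwd" <<'EOF'
alice:x:1001:500:Alice:/home/alice/./:/etc/ftponly
bob:x:1002:500:Bob:/home/bob:/bin/false
carol:x:1003:100:Carol:/home/carol/./public:/bin/bash
dave:x:1004:100:Dave:/home/dave:/bin/bash
EOF
}
d=$(mktemp -d) && write_sample "$d"
audit_guests "$d/ftpaccess" "$d/group" "$d/shells" "$d/passwd"
rm -rf "$d"
```

In the sample, bob is in the guest group by primary gid but would not be confined and could not log in over FTP at all, while carol is confined for FTP yet still has an interactive shell.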

 
 
 

Post by Joseph Brennska » Wed, 01 Sep 1999 04:00:00


Thank you for the replies.  I will give this a try.  After many years of
Windoze, Linux is a little bit refreshing. More to think about.  Reminiscent
of old DOS days.

Joe


> > On Mon, 30 Aug 1999 13:52:38 -0400, Joseph Brennskag


> > + It works fine, but I would like to be able to restrict users to
> > + directories at or BELOW their home directory.

> > If you wish to proceed, go to your local bookstore and take a gander
> > at O'Reilly's _Managing Internet Informations Systems_ (the otter
> > book?), they have a section on wu-ftpd, and setting it up for
> > anonymous use.

> Check the man pages for ftpd and ftpaccess before you bother with that. If
> you're on Linux, I've got a * shell script that creates/converts
> Unix user accounts so that this restriction applies.  See
> http://www.veryComputer.com/~peterw/mkwebonly.sh.gz  and be sure you read the
> script; there are some things you need to do, like create a "chrootftp"
> group, modify the ftpaccess file, and, if you want to basically disable
> interactive logins, look at /etc/shells.

> -Peter

> --
> The Intel Pentium III chip: designed to deny your privacy
> Boycott Intel. http://www.veryComputer.com/

 
 
 

1. Security...restricting user-access to home-dir + links

Hello,

I'm having a 'little' security problem.
I give access to some users (through SSH) to my server.

When a user is logged in, he can simply move around with "cd" to another dir
(like /etc).

Now I want to restrict the access of the user to only his homedir
(/home/<user>) and some links (/home/httpd/html   &  /home/ftp/pub  &
/home/scripts).

Does anyone know how I can accomplish this in an easy way?
I know CHROOT + BIND has something to do with it but after reading some
documentation it seems a bit over-kill for such a small (???) requirement
(hey...in Win NT you can make a home-dir and restrict user-access to only
this share).

Thanx for all the help.

Koen Van Impe
Belgium
