
Thread: FTP User Rights

  1. #1
    Join Date
    Nov 2003
    Posts
    48
    Rep Power
    0

    FTP User Rights

    I have created a user on RedHat for FTP purposes; however, I notice that when I connect with an FTP client, the user is able to navigate backwards. Although they don't have any write rights, I still don't want this to happen.

    How do I lock the user into his home directory so that he can't navigate backwards out of it?

  2. #2
    Join Date
    Aug 2002
    Posts
    1,257
    Rep Power
    0

    Re: FTP User Rights

    Depends on the FTP server you are using... The documentation normally provides info on how to create users and, by extension, locking these users in the FTP home directory...
    I know Wu-FTPD uses the chroot method... Please tell us what FTP server you are using.

  3. #3
    Join Date
    Nov 2003
    Posts
    48
    Rep Power
    0

    Re: FTP User Rights

    I think it's ProFTPD

  4. #4
    Join Date
    Nov 2002
    Posts
    5,713
    Rep Power
    0

    Re: FTP User Rights

    Why don't you just assign the user to a folder, if that is possible with your FTP server?

  5. #5
    Join Date
    Nov 2003
    Posts
    48
    Rep Power
    0

    Re: FTP User Rights

    Not really sure what you mean.

    The user needs access to every folder in his home directory... I just don't want them to go to a level higher than the home directory.

  6. #6
    Join Date
    Nov 2002
    Posts
    5,713
    Rep Power
    0

    Re: FTP User Rights

    Can you group peeps that have access to your FTP box? If you can, you should be able to assign them certain files, i.e. they can only see what is in their group and wouldn't know that they were grouped in the first place.

    I know this is possible with Bullet Proof FTP server (Windows), but I'm not familiar with this FTP prog, so you will have to await the response from the other Linux gurus.

  7. #7
    Join Date
    Sep 2002
    Posts
    3,270
    Rep Power
    0

    Re: FTP User Rights

    One more reason I hate RedHat products out of the box and the Windows mindset.

    I know you have this problem because you did not read the FAQ for ProFTPD before you began running the service.

    Most users (especially newbies) never seem to read anything. They just run and hope it works. Cool. It's what most people are used to. But I beg the techies in JA... CHANGE THAT MINDSET... PLEASE.

    Anyway, ProFTPD is a very good FTP server.
    It's a pity they set it up with basic security.

    I recommend reading this document; it's the immediate solution to your problem.

    http://www.proftpd.org/docs/faq/prof...-5.html#ss5.12
    http://www.proftpd.org/docs/directiv...faultRoot.html


    If you want more than that...
    http://proftpd.linux.co.uk/localsite...userguide.html

    The above link is the USER GUIDE

    http://proftpd.linux.co.uk/localsite...26.html#AEN231

    The above link bypasses all the "boring stuff" and explains some SECURITY FUNDAMENTALS!

    If you wish, you can download example config files from their site as well, but I suspect you already have these in
    /usr/share/doc/<app_name>
    That is assuming RH bothered to package the docs.

    Info in a nutshell?
    http://www.castaglia.org/proftpd/doc...TO-Chroot.html

    Good old Linux Docs . org never fails.

    --regards
    Gillion


  8. #8
    Join Date
    Nov 2003
    Posts
    48
    Rep Power
    0

    Re: FTP User Rights

    OK, for those who care, I found one possible solution.

    In the proftpd.conf file you may see some lines near the top of the file resembling

    <Global>
    DefaultRoot ~ mygroup
    AllowOverwrite on
    </Global>


    The DefaultRoot is what does the trick. All users in the 'mygroup' group will be 'jailed' into their home directory subtree when they log in (FTP) to the server.

    You can just add more DefaultRoot lines for each group you want to jail. Don't forget the tilde (~). It needs to be there.

    Like I said, it's a possible (not necessarily the best) solution... it works for me.


    Peace.
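
Added example, not part of any post above and not ProFTPD's own code: a small audit that reads the `DefaultRoot` lines from a config like the one in post #8 and reports which accounts end up jailed, following the documented group-expression rules (comma-separated terms are ANDed, a leading `!` negates). The second `DefaultRoot` line, its path, the `partners`/`staff` groups and all account names are constructed for illustration.

```python
import re

# Constructed sample: the post's <Global> block plus one hypothetical extra rule.
SAMPLE_CONF = """\
<Global>
DefaultRoot ~ mygroup
DefaultRoot /srv/ftp/shared partners,!staff
AllowOverwrite on
</Global>
"""
# Constructed accounts: login name -> every group the account belongs to.
SAMPLE_ACCOUNTS = {"alice": ["mygroup"], "bob": ["partners"],
                   "carol": ["partners", "staff"], "dave": ["mygroup", "partners"]}

def parse_default_roots(conf_text):
    """Return [(directory, [group terms])] for every DefaultRoot line."""
    rules = []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        m = re.match(r"DefaultRoot\s+(\S+)(?:\s+(\S+))?$", line, re.IGNORECASE)
        if m:
            rules.append((m.group(1), m.group(2).split(",") if m.group(2) else []))
    return rules

def rule_applies(terms, groups):
    """Every term must hold (logical AND); a leading '!' negates membership."""
    for term in terms:
        negate, name = term.startswith("!"), term.lstrip("!")
        if (name in groups) == negate:
            return False
    return True

def audit(accounts, conf_text):
    """Map each login to 'jailed:<dir>', 'AMBIGUOUS' or 'NOT JAILED'."""
    rules, report = parse_default_roots(conf_text), {}
    for user, groups in accounts.items():
        dirs = {d for d, terms in rules if rule_applies(terms, set(groups))}
        if len(dirs) > 1:
            report[user] = "AMBIGUOUS"  # several rules match: tighten the expressions
        elif dirs and dirs != {"/"}:
            report[user] = "jailed:" + dirs.pop()
        else:
            report[user] = "NOT JAILED"  # no rule matched, or the root is "/"
    return report

if __name__ == "__main__":
    for user, status in audit(SAMPLE_ACCOUNTS, SAMPLE_CONF).items():
        print(f"{user:6} {status}")
```

Any account reported as `NOT JAILED` can still walk up out of its home directory, which is the behaviour the original question describes; a `DefaultRoot ~` line with no group expression covers every account.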
