Webmin & FTP!?!?!
Hi!
I'm using Webmin and having some problems (and Webmin docs don't seem to be very, um, existent!). :mad: Anyway, when I create a new user through webmin, I want them only to have access to /home/theirdir, but right now, then can just go up the tree to / and even /etc! :( Does anyone know how to stop this? Thanks very much. Danny ps. Just a shameless plug, http://MyBest50.com are offering FREE month's listings to everyone, so check it out (http://mybest50.com/freemonth.php) ;) |
I think that you will need to make ftpd chroot when the user accesses it... I think the documentation you want to look at isn't webmins' but the man page for your ftp daemon. Unfortunately I can't be more specific... what FTP daemon are you using?
cheers. Jamie... |
wu-ftpd.
I just want to stop them getting anywhere outside of /home/username. I don't know much about it, but I have access to Webmin and via SSH, so I'd appreciate any suggestions. While I'm at it, I CHMOD'd all my web folder to 0777 cos it's the only way I could get two users to be able to write into that folder. Is there another way?! I set up a group "webusers" and CHGRP'd the folders to them, but it would still only let the CHOWNer write into there :( TIA, Danny |
Quote:
Quote:
Quote:
cheers. Jamie... |
Quote:
Quote:
Quote:
However, if I create a folder inside there, the default permissions don't let Steve access it, any idea how to set the default to 0770? btw, I know with CHMOD it user, group, world, and 7 is write, but what other numbers can go in there? Also, if I chmod to 0770, can other users (not in the group) read the files? Thanks m8, Danny |
Quote:
Quote:
Quote:
cheers. Jamie... |
I found a nice page:
http://support.rackspace.com/cgi-bin...&130=945710545 Which helps. Thanks for your help too, Danny |
Haveing just read that guide - make sure you only change the shell if your users don't need an interactive login on the server! Changing it to /bin/false will result in the user not being able to spawn a shell...
Jamie... |
They're only having ftp access (whether they like it or not!), no shell, so is it ok?
Also, I'm doing this all through webmin, so for the group thing, I went into Webmin / Servers / FTP / Users & Classes and typed "ftponly" in the Users & Groups to treat as guests. I sthat right? (I wasn't too sure about: Quote:
Danny |
eh?!
I don't have an "ftp" folder in /home :( It says copy ftp and bin over into their folder ??? |
Well I skipped the copying bin and lib bit, and it seems to work fine, however I can't delete files out of that folder now!
I created a new folder and tried to delete it, and it just says denied! I logged in as a normal user, and I now have access to that folder (usually I can't access another user's home dir), but I can't delete the folder! Any ideas?! Thanks, Danny |
If the ftp daemon doesn't internally implement the delete function then it will be trying to call /bin/rm - which won't exist if you haven't recreated the bin directory in the user's home dir... you might wanna copy /bin/ls and /bin/rm and mkdir etc into a bin dir for each user.
good luck Jamie... |
So shall I just copy /bin and /lib into their folder?
Although it's giving Access Denied, not Command Not Found or anything...? Doesn't copying mean there's two copies, and therefore if anything's ever updated in one, the other will be not-updated (yes, that's a word). Also, I put the /./ on the end, and didn't seem to do anything (still gave them full access), it was only when I told it to treat the group ftponly as a guest that it gave that folder a "root" type-feeling. (And I tried setting permissions to allow Guest's to delete, thinking it might be that). |
Well for some reason it's letting me delete (and I didn't change anything), however whenever I log out and back in, I don't see any files! It's empty (but if I try creating a new folder, it says /New Folder already exists).
I guess it's chrooted, but I don't know why! (I didn't type chroot anywhere! But that's what I wanted anyway) Any ideas?! |
ARGH!!!
:newbie: Ok, I copied /bin to /home/test/bin and logged in as test, and it still just shows an empty listing! The folders must be there, co sit dies when I try to create a new folder called "New Folder" (as it already exists), but it's not showing up at all!! :mad: |
Do you have /bin/ls? Otherwise your listings may be empty as it can't find ls...
Just a thought. Jamie... |
Yup, copied the whole /bin folder.
I just got rid of it and tried a few things... the /./ on the end of the home dir doesn't seem to do anything at all. In FTP, telling it to treat group ftponly as a guest makes it not show /home/test (but show it as if it's at root, eg seems to be chrooting to /home/test), but tha won't let me see any files other than those create this session. According to that doc, the /./ sticks it in the home dir (wrong, I can go anywhere with just that!), and setting it as guest seems to give you an upload only (and no ls!) scenario! I'm well confused! |
I added the users to the group "ftponly", then I set ftp to treat that group as guests. I gave guests delete/rename etc. access, and changed their home dir to /home/username/./web and copied /bin and /lib into /home/username
Works fine! |
a permissions prob i think
Dan, I think its a permission problem...the directories your creating are surely present only i think for some reason you havent enabled the directory to show entries.
It can be done with chmod via an FTP client Im not sure of the above but it may help... |
BTW:
Are you using Webmin on a public IP connection ??? If you are, then I warn you that it is not very secure, cause I used it before and some one from Brazil hacked into port 10000 set for Webmin and created account and stuff... Right now I won't even open up port 21 for telnet rather to have this huge window open for any one to hack in and do whatever. |
I've got most things (including telnet) turned off for security, just what we need is enabled.
Ok, I spent all yesterday sorting that out, and it turns out, he wants the two users that I locked down, do have access to the *same* directory, which he must also have access to, and be web-accesible! Can I just set their home dirs to /var/www/theirdomain/./web and copy bin and lib to theirdomain? Will it screw the website up having thei profiles in there (those .bash files etc.) ?? Also, is there any way I can disable Perl and PHP (not sure if any other languages might be enabled?!) for that folder (they don't need it, so if I disable it, they can't get crafty ideas about running Perl scripts!). And if I do it via .htaccess, they can edit the file, so could I put it in /var/www/theirdomain, and would it still work (since theirdomain is mapped to /var/www/theirdomain/web - will it look further up for .htacces files)? Thanks, Danny |
All times are GMT -5. The time now is 04:06 PM. |