LinuxQuestions.org
Old 05-06-2006, 10:52 PM   #1
Anthraxnz
LQ Newbie
 
Registered: Sep 2005
Posts: 21

Rep: Reputation: 15
Forcing user home directory


Hi,

Is it possible to make it so that the user can only use their directory over SSH or FTP?

I.e. not be able to # cd /var/ftp, so they can't go roaming around the server looking at all sorts of other files?

If so, what's the command?

Thanks
 
Old 05-07-2006, 12:20 AM   #2
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 49
Yes, although it is much easier to restrict ftp users than regular users through SSH. For ftp, it would have helped tremendously if you had included useful info, like what ftp server you were running. Since you didn't, the way to find out how would be to google for the name of your ftp server and lock. Vsftp allows locking users in their ftp directory, and I'm sure others do as well.

For SSH, it is possible, but takes time, and leads to the obvious question of why you would want to do it. The strong default Linux security doesn't give regular users the ability to modify system files. Looking at config files isn't a problem, just changing them could be. To remove their ability to see things, you'd have to remove the others group permissions. Be aware that doing so will probably break many of the programs on your system. Simpler solutions include not giving users shell access, or removing SSH access for certain users. Just not creating individual accounts for the people that you don't want seeing things would work as well.

Peace,
JimBass
 
Old 05-07-2006, 02:37 AM   #3
Anthraxnz
LQ Newbie
 
Registered: Sep 2005
Posts: 21

Original Poster
Rep: Reputation: 15
It's VSFTPD.

Found a tutorial on how to do it, but it doesn't seem to work.
http://www.linuxforums.org/forum/red...directory.html

Changed those settings and restarted the service, but it didn't work; I could still go up to the root dir.

This didn't exist in my file: "chroot_local_user=no", so I added it.

I grepped my .conf file for chroot; here are the results.

># grep chroot vsftpd.conf

chroot_local_user=NO

# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_list_enable=YES

chroot_list_file=/etc/vsftpd/chroot_list

Last edited by Anthraxnz; 05-07-2006 at 02:46 AM.
 
Old 05-07-2006, 09:41 AM   #4
ubijstvo
LQ Newbie
 
Registered: May 2006
Posts: 3

Rep: Reputation: 0
Does chroot_local_user=YES work?

Last edited by ubijstvo; 05-07-2006 at 09:46 AM.
 
Old 05-07-2006, 11:26 AM   #5
JimBass
Senior Member
 
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100

Rep: Reputation: 49
That is correct, you should generally set chroot_local_user=YES. If you left it set as chroot_local_user=NO, and have the lines
Code:
chroot_list_enable=YES             and
chroot_list_file=/etc/vsftpd/chroot_list
Then you have some syntax wrong in the chroot_list file, or the permissions are off on that file.

I find it much easier to chroot everyone. Because of the permissions structure, regular users can't put things to non-home directories, and if you need to ftp a system file off of the machine, it is much easier to use the scp command from the machine to another through SSH.

Peace,
JimBass
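
How the three settings discussed above combine for one user, as an added example that is not part of the original thread. It follows the rule in the vsftpd.conf comment quoted in post #3 and vsftpd's documented defaults; the user names, the temporary directory and the helper function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): would vsftpd chroot this local user?
# Implements the rule from the vsftpd.conf comment quoted in post #3.

# conf_value FILE KEY DEFAULT: last uncommented "KEY=value" line, else DEFAULT.
conf_value() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r')
    printf '%s\n' "${v:-$3}"
}

# is_yes VALUE: true when the setting is YES (compared case-insensitively).
is_yes() { [ "$(printf '%s' "$1" | tr 'a-z' 'A-Z')" = YES ]; }

# chroot_status FILE USER: prints "chrooted", "not chrooted" or "list unreadable".
chroot_status() {
    conf=$1; user=$2
    all=$(conf_value "$conf" chroot_local_user NO)
    use_list=$(conf_value "$conf" chroot_list_enable NO)
    list=$(conf_value "$conf" chroot_list_file /etc/vsftpd.chroot_list)
    listed=no
    if is_yes "$use_list"; then
        # A missing or unreadable list is a fault, not "user is not listed".
        [ -r "$list" ] || { echo "list unreadable"; return 2; }
        if grep -qxF -- "$user" "$list"; then listed=yes; fi
    fi
    # chroot_local_user=YES turns the list into a list of exceptions,
    # so list membership inverts whatever the global setting says.
    if is_yes "$all"; then
        [ "$listed" = yes ] && echo "not chrooted" || echo "chrooted"
    else
        [ "$listed" = yes ] && echo "chrooted" || echo "not chrooted"
    fi
}

# Constructed sample: the settings from post #3 plus a one-name list file.
demo=$(mktemp -d)
printf 'alice\n' > "$demo/chroot_list"
printf 'chroot_local_user=NO\nchroot_list_enable=YES\nchroot_list_file=%s\n' \
    "$demo/chroot_list" > "$demo/vsftpd.conf"
for u in alice bob; do
    printf '%s: %s\n' "$u" "$(chroot_status "$demo/vsftpd.conf" "$u")"
done
```

These settings only govern logins handled by vsftpd itself; a session that arrives over SFTP is served by the SSH daemon and never reads vsftpd.conf.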
 
Old 05-07-2006, 07:14 PM   #6
Anthraxnz
LQ Newbie
 
Registered: Sep 2005
Posts: 21

Original Poster
Rep: Reputation: 15
I had to create the chroot file.
All that's in it is just the username.
Changed file permissions to 775 and it still didn't work.
 
Old 05-09-2006, 06:22 AM   #7
Anthraxnz
LQ Newbie
 
Registered: Sep 2005
Posts: 21

Original Poster
Rep: Reputation: 15
Found the problem. It does work.
Turns out we're using SFTP instead, which I had forgotten about.
 
Old 05-10-2006, 03:02 AM   #8
ubijstvo
LQ Newbie
 
Registered: May 2006
Posts: 3

Rep: Reputation: 0
That's probably safer anyway.
 
  


All times are GMT -5.