how come when i ftp to a linux server, i cannot change the path of the server?
is this normal?

Other UX boxes, i can change the directory during a ftp session but not this

You might be logging into a server that has ftp "jailed" with chroot.

For security many admins (if they allow FTP at all instead of scp/sftp) will restrict access of the ftp login using a "jail". This makes use of the chroot command that essentially tells an account that its home should be viewed as its root. In such a setup you can only do cd to subdirectories of the jail but not to parents.

If this is the case then when you login as ftp it should return "/" when you type "pwd". Even though the directory may really be something like /home/ftpuser you'll never it see it that way if it has been jailed.

thanks for the reply

is this jailed configuration system wide or profile specific?

can i change it within my own profile, i do have root access thru sesu

For ftp I've done it was user specific. Actually I should say it was group specific - we'd add the users to a specific group which we'd allowed access to in our /etc/ftpaccess file. That was HP-UX (Unix) rather than Linux.

On my Debian Linux I see there is an /etc/ftpchroot file that mentions an ftpchroot man page. There is also an /etc/ftpusers file.

On my Redhat EL AS 3 these files do not exist. However the ftpd (8) man page does talk about chroot setup.

Probably best to have a look at your distro's man pagess for ftp and ftpd and also do ls -l /etc/ftp* to see if there are any existing config files there.

As intimated before I'm not allowing ftp on any of the Linux servers (or any NEW ftp users on HP-UX or BSD) because we decided to enforce use of scp/sftp instead of ftp (as well as ssh instead of telnet). Unfortunately since we have some automated stuff in Production that was built with ftp we can't just turn off all access. Our intent is to turn it all off over time as we migrate those automated utilities. I'd highly recommend using scp/sftp unless you have a similar Production requirement.

chroot is not limited to ftp by the way. We have chroot'ed our DNS (named daemon) stuff as well. Even with scp/sftp it would be possible to do chroot to help enhance the security of the users beyond just the key setup allowed.

How do you "Jail" it to where they can only see to those certian folders?

Jailing is done with the "chroot" command.

Do a "man chroot" for details.

As noted in prior post it appears Debian may have a special config for ftp chroot so doing "man ftpchroot" on some distros may find info.

If not then "man ftp" and/or "man ftpd" to see if there are any comments about chroot within them.

Generally speaking what you do is setup a directory that contains all the files the user would need to operate that becomes the root ("/") as perceived by that user on login. There are good exampels for named (DNS name daemon) you can google for DNS security for details:

Breifly it generally involves creating a directory and copying in key files into relative subdirectories of that (usually you'll copy in stuff from /etc to a subdirectory named etc for example). You then make sure these files ONLY have the information that user would need (for example although you'd copy in /etc/passwd you don't want to leave all the entries in the subdirectory etc/passwd - you only need the one for the user itself - you do this so that if a hacker DOES get in they can't get anywhere outside the directory and also can't get any benefit to getting that one passwd entry).