LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (http://www.linuxquestions.org/questions/linux-security-4/)
-   -   Jailing users with ProFTPd (http://www.linuxquestions.org/questions/linux-security-4/jailing-users-with-proftpd-305970/)

bullium 03-25-2005 12:37 PM

containing users with ProFTPd
 
Distro slackware 10.0
Using ProFTPd v1.2.10

I have a couple of users I need to keep from roaming around my entire system once they log into my FTP server. There are 3 users that belong to the same group. here is the directory structure.

/home/group/user1
/home/group/user2
/home/group/user3

I want each user to have access to the group directory but not go any farther than than that. I want them jailed to /home/group. I have added these lines to my /etc/proftpd.conf file.

Code:

DefaultRoot /home/group user1
DefaultRoot /home/group user2
DefaultRoot /home/group user3

I've also tried this.
Code:

DefaultChdir /home/group group
This does drop everyone in the group group into /home/group when the log in but doesn't keep them here.

After making those changes and restarting the server each user can still leave the group folder and go up to /home and even / which I DONOT like. Any help would be appreciated.

awdac 03-25-2005 02:27 PM

try:
Code:

DefaultRoot /home/group group

bullium 03-25-2005 02:36 PM

That seems to have done it :). I guess you can't specify individual users, has to be groups? Now that I've read the FAQ on proftpd.org for the 15th time, I see that it never said to use the username it said to use a group. Hope someone else can learn from my mistake.

awdac 03-25-2005 02:55 PM

Quote:

Originally posted by bullium
That seems to have done it :). I guess you can't specify individual users, has to be groups?
I don't use that feature, so I don't know for sure, but I think you have to set up more virtuals to handle the specifics of a user because the directives only accept group definitions according to the docs. Some of the configuration examples on their site appear to do something similar to what you're asking though. You could always just put DefaultRoot ~ to make them all go to their home directories only...

bullium 03-25-2005 03:00 PM

Quote:

Originally posted by awdac
I don't use that feature, so I don't know for sure, but I think you have to set up more virtuals to handle the specifics of a user because the directives only accept group definitions according to the docs. Some of the configuration examples on their site appear to do something similar to what you're asking though. You could always just put DefaultRoot ~ to make them all go to their home directories only...
I know but the way I explained it earlier is just what I needed and now I have it working perfectly :) thanks for your help.


All times are GMT -5. The time now is 09:03 AM.