LinuxQuestions.org
Old 05-05-2006, 12:52 AM   #1
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

[proftp]user has access to whole filesystem


I have recently set up a Slackware 10.1 box running proftpd. proftpd is started by inetd.
The system has one normal user. This user has (for some reason) ftp access (at least read) to the whole file system.
This is not the intention and I would like to know how to solve this.

Reading up tells me to chroot the user to his home directory. Also, searching this forum refers to chroot.
I've added the bold lines to proftpd.conf and restarted inetd (I assumed that that's necessary as proftpd is started by inetd).
Code:
# This is a basic ProFTPD configuration file.
# It establishes a single server and a single anonymous login.
# It assumes that you have a user/group "nobody" and "ftp"
# for normal/anonymous operation.

ServerName                      "ProFTPD Default Installation"
#ServerType                     standalone
ServerType                      inetd
DefaultServer                   on

# Port 21 is the standard FTP port.
Port                            21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    30

# Set the user and group that the server normally runs at.
User                            nobody
Group                           nogroup

# This next option is required for NIS or NIS+ to work properly:
#PersistentPasswd off

SystemLog                       /var/log/proftpd.log
TransferLog                     /var/log/xferlog

# Normally, we want files to be overwriteable.
<Directory /*>
  AllowOverwrite                on
</Directory>

#WimS
<VirtualHost btd-techweb01.mca.naspers.dom>
DefaultRoot ~
</VirtualHost>

# A basic anonymous FTP server configuration.
# To enable this, remove the user ftp from /etc/ftpusers.
<Anonymous ~ftp>
  RequireValidShell             off
  User                          ftp
  Group                         ftp
  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias                     anonymous ftp

  # Limit the maximum number of anonymous logins
  MaxClients                    50

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin                  welcome.msg
  DisplayFirstChdir             .message

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>

  # An upload directory that allows storing files but not retrieving
  # or creating directories.
#  <Directory incoming/*>
#    <Limit READ>
#      DenyAll
#    </Limit>
#
#    <Limit STOR>
#      AllowAll
#    </Limit>
#  </Directory>

</Anonymous>
This does not seem to do the trick. It also does not make sense to me as I don't want a virtual host. Seeing the word 'DefaultRoot' then also does not make sense, it's just the default.

So how can I limit user access? Thanks in advance

PS 1
The user only belongs to group users
PS 2
I ran Slackware 10.0 before with proftp and can't remember that I had this problem (stock standard worked as far as I can remember).

Last edited by Wim Sturkenboom; 05-05-2006 at 12:54 AM.
 
Old 05-05-2006, 02:13 AM   #2
bathory
Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 10,897

Remove the <VirtualHost...> and </VirtualHost> lines since you don't need them and change DefaultRoot to:
Code:
DefaultRoot ~/
I guess the user's homedir is /home/userid and not /
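
A small audit for the point made in this answer, added here as an example and not part of the original thread: it reports which configuration context each active DefaultRoot line sits in, since ProFTPD applies the directive only within the server config, `<Global>`, or the `<VirtualHost>` section that contains it. The function names and both sample configs (with the placeholder host `ftp.example.test`) are constructed for illustration.

```python
import re

SECTION_OPEN = re.compile(r"<(\w+)\s*([^>]*)>")
SECTION_CLOSE = re.compile(r"</(\w+)>")

# Constructed sample: DefaultRoot placed inside a VirtualHost section (placeholder host).
VHOST_ONLY = """
ServerType inetd
<VirtualHost ftp.example.test>
DefaultRoot ~
</VirtualHost>
"""
# Constructed sample: DefaultRoot placed at the top level, as the reply suggests.
MAIN_SERVER = """
ServerType inetd
DefaultRoot ~/
<Directory /*>
  AllowOverwrite on
</Directory>
"""

def defaultroot_scopes(conf_text):
    """Return (section, section_arg, defaultroot_args) for each active DefaultRoot."""
    stack, found = [], []
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank or commented-out directive
            continue
        if (m := SECTION_CLOSE.match(line)):
            if stack and stack[-1][0].lower() == m.group(1).lower():
                stack.pop()
        elif (m := SECTION_OPEN.match(line)):
            stack.append((m.group(1), m.group(2).strip()))
        elif line.split()[0].lower() == "defaultroot":
            # Outermost enclosing section decides where the directive applies.
            section, arg = stack[0] if stack else ("server config", "")
            found.append((section, arg, line.split()[1:]))
    return found

def verdict(conf_text):
    """Classify the reach of the chroot: 'none', 'main-server' or 'vhost-only: <hosts>'."""
    scopes = defaultroot_scopes(conf_text)
    if not scopes:
        return "none"
    if any(s.lower() in ("server config", "global") for s, _, _ in scopes):
        return "main-server"
    hosts = ", ".join(a for s, a, _ in scopes if s.lower() == "virtualhost")
    return "vhost-only: " + hosts
```

A DefaultRoot line may also carry a group expression as a second argument, so check the returned arguments as well as the context.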
 
Old 05-08-2006, 07:57 AM   #3
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Slackware 10.1/10.2/12, Ubuntu 12.04, Crunchbang Statler
Posts: 3,786

Original Poster
Thanks. I however kept the DefaultRoot as it was and that works as well.
 
  



Tags
chroot, proftpd, virtualhost

