Chroot users

thecrab · 02-21-2002, 02:30 PM

I'm running RedHat 7.2. This is a ftp server. (proftpd)

I try to chroot my users on the server....
When the users connect with ftp there is no problems. They are chroot into home folder.
But if the users log directly on the server (with ssh or localy) (Normally they are not suppose to do that, but one day someone will try.... ) they can access everything..... (like a normal user)

Someone know what I have to do to chroot the users also on the server????

unSpawn · 02-21-2002, 04:17 PM

Maybe this part of "Securing and Optimizing Linux" (ok, its the RH ed., but that doesn't matter here) may help you understand why you shouldn't offer real shells to chroot ftp server users.

thecrab · 02-26-2002, 01:34 PM

That was very helpful!

You found the solution to my problem!
Wow!

Thank you again!

jonfa · 02-28-2002, 08:19 PM

I followed this and my user can still get out of his directory. How can I test and see where my problem lies? Thanks.

Jon

unSpawn · 03-01-2002, 01:08 AM

Guess you gotta be more verbose than saying "I followed this and it didn't work".
If user logged in with ftp, look at your ftp/chroot configs, if by ssh, theres a way to chroot users but that only works with key auth, not passwd, and btw, are ssh and ftp user accounts different like it says in the howto? And did you read the whole ftp chapter?

Better post the steps you took to set up the chrooted users (also watch permissions/users) and post (the necessary parts of) your configs.

jonfa · 03-01-2002, 02:07 AM

You're right about my vagueness. Here is what I did:

1. useradd -d /var/ftp/myuser/ -s /dev/null myuser > /dev/null 2>&1

2. created directory in /var/ftp/myuser

3.edited /etc/shells file to include /dev/null

4.edited /etc/passwd to read:myuser:x:502:502::/var/ftp/./myuser/:/dev/null

5. I then set the permissions as described here:
http://www.linuxdoc.org/LDP/solrhe/S...p29sec296.html

What else do I need to do? As I said earlier "myuser" can get in ok, but he can navigate outside his directory. How can I check to verify the permissions are what they need to be and trap him in that the respectable directory?

Thanks,

Jon

unSpawn · 03-03-2002, 05:21 PM

Ok. Did you also read Wu-ftpd's guest-howto?
Are you using the "guest-root" directive or the /./ hack, cuz would set the chroot?