Restricting directory browsing over network
Hi! First off let me say how much I am enjoying my slackware experience. I dual boot XP/Ubuntu on my laptop but chose Slackware when I built my home server box because I strive to learn and liked what I read about slackware.

My slackbox is meant to allow me to access my files via the internet through http, ssh, ftp. I am playing around to do my own http hosting but my domain and webhosting plan just renewed so I'm keeping my website there until I feel comfortable with hosting it myself.

While playing with dynamic dns service and browsing my slackbox with my laptop through the internet, I became uncomfortable being able to browse my whole directory tree. I was about to view my whole root folder via ftp and http and I didn't care much for the idea of that being browsable to anyone, so I began looking for a way to lock down anything other than /var/www (apache) and /home/<user> (ftp). I looked through the configuration files and couldn't really see how to do this.

I am using vsftpd and apache. I don't know the exact version of apache because I'm doing a reinstall (I started playing with groups and permissions. To save myself embarrassment, let's just say I started to mass edit directory permissions. Feel free to laugh, but it was a learning experience and I don't regret it.) The version of apache I'm running is the version that comes with slackware 10.2.

My question is: How can I keep remote users from leaving /var/www or /home/<user> (aside from subdirectories) via http or ftp?

**** EDIT ****
I couldn't decide if this should go to the "Network" forum due to the question asked or "Slackware" forum since this is dealing with slackware. If I chose the wrong forum, then I offer my apologies to the mods and understand if they move this post.

Apache should restrict access by default.
For vsftpd, add chroot_local_user=yes to the conf.

Via http and ftp, they shouldn't be able to browse past the root folder, i.e. apache /var/www/htdocs should be as close to the "core" tree as they can get. You probably have something configured wrong.
If you want to go one more step, I set up a chroot on my apache server. http://docs.linux.com/article.pl?sid...&tid=14&tid=35

soule
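
An added example, not part of any post in this thread: a shell check of the `chroot_local_user` setting suggested above, reporting whether a given vsftpd.conf actually confines local FTP users to their home directories. It goes one step beyond the thread by also reading `chroot_list_enable`, which changes what `chroot_local_user` means; the function names and sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the chroot behaviour a vsftpd.conf will produce.

# Print YES or NO for boolean option $2 in file $1 (default $3 if unset).
# vsftpd.conf lines are "option=value" with no spaces around "="; the last
# assignment wins. Values are compared case-insensitively here
# (assumption: this matches vsftpd's own parsing of YES/TRUE/1).
conf_bool() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r' | tr 'a-z' 'A-Z')
    case "${val:-$3}" in
        YES|TRUE|1) echo YES ;;
        *)          echo NO ;;
    esac
}

# Echo one of: CHROOT_ALL, CHROOT_ALL_EXCEPT_LIST, CHROOT_LIST_ONLY, NO_CHROOT
vsftpd_chroot_state() {
    all=$(conf_bool "$1" chroot_local_user NO)
    list=$(conf_bool "$1" chroot_list_enable NO)
    case "$all:$list" in
        YES:YES) echo CHROOT_ALL_EXCEPT_LIST ;; # listed users are NOT jailed
        YES:NO)  echo CHROOT_ALL ;;             # every local user is jailed
        NO:YES)  echo CHROOT_LIST_ONLY ;;       # only listed users are jailed
        *)       echo NO_CHROOT ;;              # default: whole tree visible
    esac
}

# Constructed sample configs (not taken from the thread's server).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf 'local_enable=YES\n#chroot_local_user=YES\n' > "$tmp/default.conf"
printf 'local_enable=YES\nchroot_local_user=yes\n' > "$tmp/jailed.conf"
printf 'chroot_local_user=YES\nchroot_list_enable=YES\n' > "$tmp/except.conf"

for name in default jailed except; do
    printf '%s.conf: %s\n' "$name" "$(vsftpd_chroot_state "$tmp/$name.conf")"
done
```

Point `vsftpd_chroot_state` at the real configuration file to check a live server; any result other than `CHROOT_ALL` means at least some local users can still walk the directory tree above their home.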