LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 12-13-2005, 09:19 PM   #1
justanothersteve
Member
 
Registered: Aug 2005
Location: Missouri, USA
Distribution: Gentoo
Posts: 161

Rep: Reputation: 30
Restricting directory browsing over network


Hi! First off let me say how much I am enjoying my slackware experiance. I dual boot XP/Ubuntu on my laptop but chose Slackware when I built my home server box because I strive to learn and liked what I read about slackware.

My slackbox is meant to allow me to access my files via the internet through http, ssh, ftp. I am playing around to do my own http hosting but my domain and webhosting plan just renewed so I'm keeping my website there until I feel comfortable with hosting it myself.

While playing with dynamic dns service and browsing my slackbox with my laptop through the internet, I became uncomfortable being able to browse my whole directory tree. I was about to view my whole root folder via ftp and http and I didnt care much for the idea of that being browsable to anyone so I began looking for a way to lock down anything other than /var/www (apache) and /home/<user> (ftp). I looked through the configuration files and couldnt really see how to do this.

I am using vsftpd and apache. I don't know the exact version of apache because I'm doing a reinstall (I started playing with groups and permissions. To save myself embarassment, lets just say I started to mass edit directory permissions. Feel free to laugh, but it was a learning experiance and I dont regret it.) The version of apache I'm running is the version that comes with slackware 10.2

My question is: How can I keep remote users from leaving /var/www or /home/<user> (aside from subdirectories) via http or ftp

**** EDIT ****
I couldn't decide if this should go to the "Network" forum due to the question asked or "Slackware" forum since this is dealing with slackware. If I chose the wrong forum, then I offer my apologies to the mods and understand if they move this post.

Last edited by justanothersteve; 12-13-2005 at 09:25 PM.
 
Old 12-13-2005, 10:27 PM   #2
kodon
Member
 
Registered: Jul 2004
Location: [jax][fl][usa]
Distribution: Slackware64-current
Posts: 796

Rep: Reputation: 31
apache should restrict access by default
for vsftpd add chroot_local_user=yes to the conf
 
Old 12-13-2005, 10:28 PM   #3
soulestream
Member
 
Registered: Nov 2005
Posts: 183

Rep: Reputation: 30
via http and ftp, they shouldnt be able to browse past root folder. ie apache /var/www/htdocs should be as close to "core" tree as they can get. You probably have something configured wrong..

If you want to go one more step, I setup a chroot on my apache server.


http://docs.linux.com/article.pl?sid...&tid=14&tid=35

soule
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
.htaccess restricting parent directory Braytac Linux - Networking 2 05-26-2005 05:27 PM
Restricting directory access with vsftpd BobM Linux - General 1 03-30-2004 10:19 AM
restricting directory access with vsftpd BobM Linux - Networking 0 03-30-2004 08:07 AM
Restricting user directory permissions britishnemesis Linux - Security 1 11-17-2003 06:10 AM
Restricting user home directory ? chuck77 Linux - General 3 11-27-2001 06:44 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 10:58 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration