LinuxQuestions.org
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Old 06-21-2002, 12:34 PM   #1
gogo
Member
 
Registered: Apr 2001
Posts: 117

Rep: Reputation: 15
How to restrict a telnet user's permission and not allow anony ftp?


Hi,

I just set up my redhat 7.3 and enabled the telnet service.

I created 2 user a/cs when I installed it.

Both of them can telnet to my server and browse all the directories.

How can I restrict them to a certain directory only, just like the ftp a/c?

Also, how can I disable anonymous telnet and FTP access?

Thanks in advance.

gogo
 
Old 06-21-2002, 01:02 PM   #2
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 269
first off, you might want to look into ssh, it should be installed with redhat 7.3, and it's more secure than telnet.

to restrict them while they are either telnetting or ssh maybe, look into chmod. just simple file and directory permissions can restrict them to a specific directory.

about anonymous telnet login, doesn't really work that way but usually anonymous ftp is controlled by the /etc/ftpaccess in redhat 7.3 i believe.
 
Old 06-21-2002, 06:17 PM   #3
geoffm33
Member
 
Registered: May 2002
Distribution: RH 7.3 - YDL 2.3
Posts: 63

Rep: Reputation: 15
You want to look into chroot jails. It locks a user in a specified directory upon login. It appears as if the login dir is the entire filesystem. Do a google search. I haven't tried chrooting but I've heard that's the way to go.

(BTW what FTP server app are you running? WU-FTP or ProFTP?)
 
Old 06-21-2002, 11:22 PM   #4
gogo
Member
 
Registered: Apr 2001
Posts: 117

Original Poster
Rep: Reputation: 15
I use wu-ftp and my friend told me to disable both telnet and wu-ftp as they are not secured.

How should I configure SSH and where could I download the rpm of ProFTP?

Thanks for advice

gogo
 
Old 06-22-2002, 12:35 AM   #5
geoffm33
Member
 
Registered: May 2002
Distribution: RH 7.3 - YDL 2.3
Posts: 63

Rep: Reputation: 15
SSH will solve all of your security needs. As for ProFTP, FTP is inherently insecure regardless of the make or model of the software.
 
Old 06-22-2002, 04:16 AM   #6
gogo
Member
 
Registered: Apr 2001
Posts: 117

Original Poster
Rep: Reputation: 15
Hi,

I installed the ProFTP and disabled the anonymous ftp login.

http://proftpd.linux.co.uk/docs/faq/...h5.html#AEN656

12. How can I limit users to a particular directory tree?

For general open access you can use an <Anonymous> directive context block, possibly in combination with a UserPassword/AnonRequirePassword directive.

However if you wish to jail an entire group (or groups) of users, you can use the DefaultRoot directive. DefaultRoot lets you specify a root jailed directory (or "~" for the user's home directory), and an optional group-expression argument which can be used to control which groups of users the jail will be applied to. For example:

...
<VirtualHost myhost.mynet.foo>
DefaultRoot ~
...
</VirtualHost>

This creates a configuration where all users who log into myhost.mynet.foo are jailed into their home directories (cannot chdir into a higher level directory). Alternatively, you could:

...
<VirtualHost myhost.mynet.foo>
DefaultRoot /u2/public users,!staff
...
</VirtualHost>

In this example, all users who are members of group "users", but not members of group "staff" are jailed into /u2/public. If a user does not meet the group-expression requirements, they login as per normal (not jailed, default directory is their home). You can use multiple DefaultRoot directives to create multiple jails inside the same directive context. If two DefaultRoot directives apply to the same user, ProFTPD arbitrarily chooses one (based on how the configuration file was parsed).

This FAQ mentions VirtualHost, and the following entry covers the virtual host FTP server:

9. How do I setup a virtual FTP server?

You'll need to configure your host to be able to handle multiple IP addresses. This is often called "aliasing", and can generally be configured through an IP alias or dummy interface. You need to read your operating system documentation to figure out how to do this. Once you have the host configured to accept the additional IP address that you wish to offer a virtual FTP server on, use the <VirtualHost> configuration directive to create the virtual server:

<VirtualHost 10.0.0.1>
ServerName "My virtual FTP server"
</VirtualHost>

You can add additional directive blocks into the <VirtualHost> block in order to create anonymous/guest logins and the like which are only available on the virtual host.

May I ask how can I setup the virtual host?

Thanks for advice.

gogo
 
Old 06-22-2002, 06:17 AM   #7
jayakrishnan
Member
 
Registered: Feb 2002
Location: India
Distribution: Slacky 12.1, XP
Posts: 992

Rep: Reputation: 30
By default when a user logs in via telnet he is restricted to his home directory only
 
Old 06-22-2002, 12:20 PM   #8
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 269
Quote:
Originally posted by jayakrishnan
By default when a user logs in via telnet he is restricted to his home directory only
Not with all distros. And I do believe with Redhat 7.3, I telnetted in with no problems browsing all the directories. But no one should be using telnet any longer these days.
 
Old 06-23-2002, 06:10 AM   #9
gogo
Member
 
Registered: Apr 2001
Posts: 117

Original Poster
Rep: Reputation: 15
If I do not set up the Virtual Host, am I able to limit a user to view other directories?

If not, can I hide all other folders? It seems not feasible as there are so many folders and the people who know the linux system hierarchy can enter the folder directly.

What can I do now? Is Virtual host my only exit?

Thanks for help.

gogo
 
Old 06-23-2002, 08:50 AM   #10
murshed
Member
 
Registered: Jan 2002
Posts: 157

Rep: Reputation: 30
i didn't understand where to write the stuff of
<VirtualHost 10.0.0.1>
ServerName "My virtual FTP server"
</VirtualHost>

i believe that you could create a group with very limited permissions .. and when they telnet and ftp .. they by default have some limited permissions .. in addition to the limitation that the group they are in has ..

well didn't try to do it yet ..
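
Added example (not part of the thread or of the ProFTPD FAQ quoted in post #6): a small Python check over a proftpd.conf that reports whether an <Anonymous> block is present and which DefaultRoot jails apply to a user, covering the two cases the FAQ warns about (no matching expression leaves the user unjailed; two matching directives mean an arbitrary pick). The sample configs are constructed and the function names are hypothetical; the samples place DefaultRoot in the main server section, which ProFTPD accepts as well as inside <VirtualHost>.

```python
# Constructed sample configs, not taken from the thread.
WEAK = """\
ServerName "ftp box"
<Anonymous ~ftp>
  User ftp
  UserAlias anonymous ftp
</Anonymous>
"""
JAILED = """\
ServerName "ftp box"
# main server section, no <VirtualHost> block
DefaultRoot /u2/public users,!staff
"""

def parse(conf):
    """Return (anonymous_enabled, [(jail, group_expr_or_None), ...])."""
    anonymous, roots = False, []
    for raw in conf.splitlines():
        words = raw.split("#", 1)[0].split()   # drop comments, tokenize
        if not words:
            continue
        if words[0].lower().startswith("<anonymous"):
            anonymous = True                   # anonymous logins are configured
        elif words[0].lower() == "defaultroot" and len(words) >= 2:
            roots.append((words[1], words[2] if len(words) > 2 else None))
    return anonymous, roots

def expr_matches(expr, groups):
    """Comma-separated names are ANDed; a leading '!' negates membership."""
    if expr is None:                           # no expression: applies to everyone
        return True
    for term in expr.split(","):
        negate, name = term.startswith("!"), term.lstrip("!")
        if (name in groups) == negate:
            return False
    return True

def jails_for(conf, groups):
    """Jails applying to a user: [] means unjailed, more than one is ambiguous."""
    return [jail for jail, expr in parse(conf)[1]
            if expr_matches(expr, set(groups))]

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("JAILED", JAILED)):
        anon, _ = parse(conf)
        print(name, "anonymous block:", anon)
        for groups in (["users"], ["users", "staff"]):
            hits = jails_for(conf, groups)
            state = "UNJAILED" if not hits else "AMBIGUOUS" if len(hits) > 1 else hits[0]
            print("  groups", groups, "->", state)
```
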
 
  


All times are GMT -5.