FTP permissions question

Seventh · 06-15-2004, 01:18 PM

This is probably super newbie, but I have to ask..

I have a user that I want to be able to FTP in, but have no permissions above his home directory.

I did an adduser "fred", and passwd "fred", and voila, Fred can FTP to my server, and he starts up in his home directory.

But, he can cd .. all the way back to root. Can't do anything there, but I'd like to restrict him to just his home directory and stuff under it.

If there's a tutorial on this I'd love a link - everything I google seems to be much more in depth than I need.

Redhat 9, command line only, btw.

TIA

Donboy · 06-15-2004, 01:21 PM

You need to "chroot" him to his home directory. There are FTP programs that do this. ProFTPd is one. That's the one I use. Look for a tutorial on setting that up on your machine. It's a good idea because you don't want users being able to view all the stuff on your machine. Sooner or later, somebody will abuse this and try something malicious.

tisource · 06-15-2004, 03:12 PM

I agree, proftpd is the way to go. It will allow you to "chroot" them to their home directory, which will help keep them out of places they shouldn't be. ProFTPd is my favorite, and highly recommend it. Most major vendors include it in their distributions, so getting it installed should be relatively painless. We can help you with the syntax of the config file if that is a problem.

Seventh · 06-16-2004, 12:17 PM

Thanks guys, I am running proftpd.

The bold code is what I had to edit to set the home directory as "virtual root".

Quote:

# This is a basic ProFTPD configuration file (ren
# 'proftpd.conf' for actual use. It establishes
# and a single anonymous login. It assumes that
# "nobody" and "ftp" for normal operation and ano

ServerName "ProFTPD"
ServerType inetd
ServerType inetd
DefaultServer on
<Global>
DefaultRoot ~
AllowOverwrite on
</Global>
DefaultTransferMode binary
UseFtpUsers on

tisource · 06-16-2004, 02:27 PM

Okay, you need to change your "DefaultRoot" to

DefaultRoot ~ group1

Whoever is in the group1 group will be "chrooted" into their home directory.

You can add group names to the directive, like this:

DefaultRoot ~ group1,group2

Whoever is in group1 and group2 will be "chrooted" into their home directory.

Or, alternatively,

DefaultRoot ~ group1,!group2

Whoever is in group1 but not in group2 will be "chrooted" into their home directory.

Hope that helps.

Good luck!

darklordzim · 06-16-2004, 03:09 PM

is there a way to do the same thing with vsftpd? thats what i'm running .. and i was wondering the same thing.. i know anon is auto chrooted to /var/ftp/ but any system user can view the whole tree?

tisource · 06-16-2004, 07:03 PM

I have no idea.... I've never used vsftpd. I had someone try to convince me to use vsftpd, but I stick with what I know (and ProFTPd has served me well!!). Sorry.

I'm sure there is an answer in the vsftpd documentation (you'd think, anyway).

Seventh · 06-16-2004, 07:13 PM

Aye I wish I could help also.

On the other hand, I'll fedex someone some cookies if they can help me figure this guy out:

http://www.linuxquestions.org/questi...hreadid=194229

dotc · 06-23-2004, 03:33 PM

Hi:
I have created an FTP super user who should be able to access all the other files. I have done that using vsftpd config file. The only problem i m facing is when the user uploads the file into his account. The default permissions set for the file is rw------- while i want it to be set as rw-rw---- so that the group users will be access the files and the super user is one on the group. I want to know if there is any way to get this thing working.
Thanks in Advance
cheers
Chethan Channappa
Research Assistant
University of Texas at Dallas

Donboy · 06-23-2004, 03:55 PM

You should probably post a brand new thread for this question so it can get noticed by people who know vsftp pretty well. I only know proftpd and this thread is all about proftpd, so people may not notice your question at all.