LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   stop ftp users from cd in to other directories (https://www.linuxquestions.org/questions/linux-newbie-8/stop-ftp-users-from-cd-in-to-other-directories-676759/)

procfs 10-16-2008 05:28 AM
stop ftp users from cd in to other directories
 
Hi

Can some one tell me how to stop ftp users from navigating (cd) out of its home directory. I want them to be restricted on to their home directory

I am using Redhat AS4 and wsftp or vsftp I dont mind using

Regards

acid_kewpie 10-16-2008 05:39 AM
http://www.cyberciti.biz/tips/vsftp-...directory.html

billymayday 10-16-2008 05:46 AM
Chris, I never followed (nor could I find any useful info online) as to the security concerns in chrooting ftp uses. From man vsftpd.conf

Quote:
chroot_local_user
If set to YES, local users will be (by default) placed in a chroot() jail in their home directory after login. Warning: This option has security implications, especially if the users have upload permission, or shell access. Only enable if you know what you are doing. Note that these security implications are not vsftpd specific. They apply to all FTP daemons which offer to put local users in chroot() jails.

Default: NO
Do you know what the issue is?

procfs 10-16-2008 05:50 AM
Hi thanks guys

Best regards

acid_kewpie 10-16-2008 07:03 AM
TBH no I don't know. From the perspective of adding a risk there is the use of the chroot code which wouldn't be there without, I'm not sure if that actually does use the generic chroot functions or is an internal repimplementation, but it makes the overall solution more complex i guess. Within a chroot you have /home/user appear to be just /, so if there is a shared account you could easily have a user access /bin/passwd or such and actually access /home/user/bin/passwd.


All times are GMT -5. The time now is 05:43 PM.