LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-16-2008, 05:28 AM   #1
procfs
Member
 
Registered: Jan 2006
Location: Sri Lanka
Posts: 608

Rep: Reputation: 34
stop ftp users from cd in to other directories


Hi

Can some one tell me how to stop ftp users from navigating (cd) out of its home directory. I want them to be restricted on to their home directory

I am using Redhat AS4 and wsftp or vsftp I dont mind using

Regards
 
Old 10-16-2008, 05:39 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975
http://www.cyberciti.biz/tips/vsftp-...directory.html
 
Old 10-16-2008, 05:46 AM   #3
billymayday
LQ Guru
 
Registered: Mar 2006
Location: Sydney, Australia
Distribution: Fedora, CentOS, OpenSuse, Slack, Gentoo, Debian, Arch, PCBSD
Posts: 6,678

Rep: Reputation: 122Reputation: 122
Chris, I never followed (nor could I find any useful info online) as to the security concerns in chrooting ftp uses. From man vsftpd.conf

Quote:
chroot_local_user
If set to YES, local users will be (by default) placed in a chroot() jail in their home directory after login. Warning: This option has security implications, especially if the users have upload permission, or shell access. Only enable if you know what you are doing. Note that these security implications are not vsftpd specific. They apply to all FTP daemons which offer to put local users in chroot() jails.

Default: NO
Do you know what the issue is?
 
Old 10-16-2008, 05:50 AM   #4
procfs
Member
 
Registered: Jan 2006
Location: Sri Lanka
Posts: 608

Original Poster
Rep: Reputation: 34
Hi thanks guys

Best regards
 
Old 10-16-2008, 07:03 AM   #5
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975Reputation: 1975
TBH no I don't know. From the perspective of adding a risk there is the use of the chroot code which wouldn't be there without, I'm not sure if that actually does use the generic chroot functions or is an internal repimplementation, but it makes the overall solution more complex i guess. Within a chroot you have /home/user appear to be just /, so if there is a shared account you could easily have a user access /bin/passwd or such and actually access /home/user/bin/passwd.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
FTP virtual users with different home directories remi Linux - Software 14 07-27-2009 11:20 AM
Setting up ftp only users in non std directories dwynter Linux - Newbie 1 12-19-2005 05:03 PM
FTP users prevent browsing to other directories mephesto Linux - Software 2 05-07-2005 10:03 AM
FTP Users are able to Traverse directories up to the root of my server stingay Red Hat 6 10-25-2003 03:22 AM
Havin trouble allowing FTP users to access files and directories bripage Linux - Networking 9 04-15-2002 03:54 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 10:40 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration