01-27-2007, 10:39 AM
|
#1
|
LQ Newbie
Registered: Jan 2007
Posts: 2
Rep:
|
Making Ftp Folders Invisible
Hi,
We are using Redhat Linux 4.0 Enterprise Edition and we have configured VSFTPD for FTP. I have created 10 user accounts for 10 clients. Now I have a query about making folders invisible.
One of my clients is using a third-party FTP tool to access his account. After logging in he clicked on back, and then he was able to see all the other clients' folders, though they were not accessible. As a confidentiality norm we cannot make other clients' folders visible. Please help me out in this regard: how to make other clients' folders invisible to the logged-in client.
Please Please.
Regards
Srinivas
Last edited by srinivasmrao; 01-27-2007 at 10:40 AM.
|
|
|
01-27-2007, 11:00 AM
|
#2
|
Senior Member
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100
Rep:
|
Make sure in the vsftpd.conf file that these lines are uncommented -
Code:
chroot_local_user=YES
local_enable=YES
Then set each user so that their home directory is the same directory that they can ftp into.
They can hit back, cd /, or any other string of commands, it won't let them see beyond their individual "area".
Peace,
JimBass
|
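A way to verify the two settings from the post above, written as an added example that is not part of the original thread. The function names and sample files are constructed for illustration; `chroot_list_enable` is a vsftpd option the thread does not mention, checked here because it inverts the jail for listed users when `chroot_local_user=YES`.

```shell
#!/bin/sh
# Added example (not from the thread): does this vsftpd.conf jail local users?

# Print the effective value of option $2 in file $1, or default $3 if unset.
# Lines starting with '#' never match, so commented-out options are ignored.
# Assumption: when an option is repeated, the last assignment is the one used.
vsftpd_opt() {
    val=$(sed -n "s/^$2=\([A-Za-z]*\)[[:space:]]*\$/\1/p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}" | tr '[:lower:]' '[:upper:]'
}

# Return 0 only if every local user is confined to their home directory.
check_chroot() {
    if [ "$(vsftpd_opt "$1" local_enable NO)" != YES ]; then
        echo "$1: local_enable is not YES, local accounts cannot log in"
        return 1
    fi
    if [ "$(vsftpd_opt "$1" chroot_local_user NO)" != YES ]; then
        echo "$1: chroot_local_user is not YES, users can list parent directories"
        return 1
    fi
    # With chroot_local_user=YES, an enabled chroot list names users who are NOT jailed.
    if [ "$(vsftpd_opt "$1" chroot_list_enable NO)" = YES ]; then
        echo "$1: chroot_list_enable=YES, users in chroot_list_file escape the jail"
        return 1
    fi
    echo "$1: all local users are jailed"
}

# Constructed sample configs (not real client files).
SAMPLES=$(mktemp -d)
printf '%s\n' '#chroot_local_user=YES' 'local_enable=YES' > "$SAMPLES/commented.conf"
printf '%s\n' 'local_enable=YES' 'chroot_local_user=YES' > "$SAMPLES/jailed.conf"
printf '%s\n' 'local_enable=YES' 'chroot_local_user=YES' \
    'chroot_list_enable=YES' > "$SAMPLES/exceptions.conf"

for f in "$SAMPLES"/*.conf; do
    check_chroot "$f" || true
done
```

Only the literal value YES is treated as enabled, matching the lines shown in the thread, so any other spelling is reported as not jailed.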
|
|
01-27-2007, 11:00 AM
|
#3
|
LQ Guru
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
|
For each ftp user set it up as chroot to their specific directory. This means that whenever they log in they will see their specific directory as if it were "/" even if it is really something like /home/ftpuser1. Because it is / they can never go up a directory (e.g. to /home).
This is something you would want to do for ANY ftp directory anyway since ftp itself is not very secure at all. We have several in-house ftp directories used for transferring specific files. Even though they are internal we set them up as chroot.
For the chroot directory you'd have to add an etc and bin and possibly other subdirectories because that user won't have access to the existing /etc, /bin et al for the same reason as they won't have access to the full /home.
There are tutorials on setting this up. Do a Google search for ftp chroot.
By the way some people don't even allow commands like ls to work. If you know the file is there you can get it by typing in the name because you knew what it was. This also applies to subdirectories of the chroot directory. The user can cd to the subdirectory but has to know it is there. I've never gone quite that far so I'm not sure how it gets configured but I've been on plenty of ftp sites that do so I know it can be done.
|
|
|
01-29-2007, 01:44 AM
|
#4
|
LQ Newbie
Registered: Jan 2007
Posts: 2
Original Poster
Rep:
|
Thanks Jim
Thanks Jim. It's working.
Regards
Srinivas
|
|
|
|
01-29-2007, 01:47 AM
|
#5
|
Senior Member
Registered: Oct 2003
Location: New York City
Distribution: Debian Sid 2.6.32
Posts: 2,100
Rep:
|
Glad it worked out for you. Enjoy!
Peace,
JimBass
|
|
|