LinuxQuestions.org


dkc_ace 01-10-2003 11:27 AM

restricting accounts in wu-ftp
 
OK, well, when I make an account with wu-ftp in the users and groups thingy in the start menu, I can't get it to go into the home dir; it goes into some kind of .kde folder.

Update: I think I got that part fixed, BUT now I don't know how to set it where this FTP user CAN'T SEE files or the .kde directory.

Basically, what I am asking is how do I go about setting up the user where he can only see what I want him to see and access.

MasterC 01-10-2003 11:31 AM

With a DefaultRoot entry in your conf file.

This will make it so a user cannot travel outside of their "home" directory or where you set their default root at.

... I just noticed this was wu-ftp, I just assumed from your other thread it was PROFTPD, I'd assume it is very similar though, as a DefaultRoot isn't a ProFTPD-only option AFAIK.

Cool

dkc_ace 01-10-2003 02:58 PM

Quote:

Originally posted by MasterC
With a DefaultRoot entry in your conf file.

This will make it so a user cannot travel outside of their "home" directory or where you set their default root at.

... I just noticed this was wu-ftp, I just assumed from your other thread it was PROFTPD, I'd assume it is very similar though, as a DefaultRoot isn't a ProFTPD-only option AFAIK.

Cool


OK, I disabled wu-ftp and got FTP since everyone seems to be using it. I don't get what you mean by DefaultRoot entry.

MasterC 01-10-2003 11:57 PM

You said you got FTP, I am going to assume you mean ProFTPD...

A DefaultRoot entry looks something like this in /etc/proftpd.conf:
Code:

DefaultRoot                    ~

And to see how it fits in, here's my conf file :) :
ftp://masterc.no-ip.org/share/proftpd.conf

Cool

dkc_ace 01-11-2003 11:13 AM

Quote:

Originally posted by MasterC
You said you got FTP, I am going to assume you mean ProFTPD...

A DefaultRoot entry looks something like this in /etc/proftpd.conf:
Code:

DefaultRoot                    ~

And to see how it fits in, here's my conf file :) :
ftp://masterc.no-ip.org/share/proftpd.conf

Cool

2 things:

1. You're right, I meant ProFTPD.

And 2. for some reason I can't get the link to work.

MasterC 01-11-2003 01:16 PM

Yeah, you are correct, how odd (I will fix that ASAP, thank you very much for letting me know)... No worries, here's what it looks like:
Code:

masterc@masterc:~$ cat /etc/proftpd.conf
# This is a basic ProFTPD configuration file.
# It establishes a single server and a single anonymous login.
# It assumes that you have a user/group "nobody" and "ftp"
# for normal/anonymous operation.

ServerName                      "ProFTP MasterC Style"
#ServerType                    standalone
ServerType                      inetd
DefaultServer                  on
DefaultRoot                    ~

# Port 21 is the standard FTP port.
Port                            21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                          022
# To prevent DoS attacks, set the maximum number of child processes
# to 30.  If you need to allow more than 30 concurrent connections
# at once, simply increase this value.  Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances                    30

# Set the user and group that the server normally runs at.
User                            nobody
Group                          nogroup

# This next option is required for NIS or NIS+ to work properly:
#PersistentPasswd off

SystemLog                      /var/log/proftpd.log
TransferLog                    /var/log/xferlog

# Normally, we want files to be overwriteable.
<Directory /*>
  AllowOverwrite                on
</Directory>

# A basic anonymous FTP server configuration.
# To enable this, remove the user ftp from /etc/ftpusers.
<Anonymous /home/ftp>
  RequireValidShell            off
  User                          ftp
  Group                        ftp
  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias                    anonymous ftp

  # Limit the maximum number of anonymous logins
  MaxClients                    100

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin                  .message
  DisplayFirstChdir            .message

  # Limit WRITE everywhere in the anonymous chroot
  <Limit WRITE>
    DenyAll
  </Limit>

  # An upload directory that allows storing files but not retrieving
  # or creating directories.
#  <Directory incoming/*>
#    <Limit READ>
#      DenyAll
#    </Limit>
#
#    <Limit STOR>
#      AllowAll
#    </Limit>
#  </Directory>

</Anonymous>

HTH

MasterC 01-11-2003 01:27 PM

BTW, just checked it out, and it works if you right click and save as, or something similar to that... But I will get that fixed so you can just click (just got to figure out how ;) )

Cool

MasterC 01-11-2003 03:29 PM

Restrictions from the ProFTPD documentation:
http://proftpd.linux.co.uk/localsite...ked/x1173.html

Cool

dkc_ace 01-11-2003 04:32 PM

I don't see where your default root comes in.

MasterC 01-11-2003 04:45 PM

It's like the 4th entry down not counting comments

dkc_ace 01-11-2003 05:57 PM

Thanks, I got that fixed now.

How would I set it where they can't see the .kde dir and stuff?

Like the other post I made.

MasterC 01-11-2003 06:23 PM

I would do that by giving them a different home directory in /etc/passwd. Instead of giving them their actual home directory, change it to something like I talked about before with the user1 and user 2 thing, where they have a different home than the user on the system would have normally...

So, maybe their entry in /etc/passwd would be:
user1:x:1000:100::/home/games:/bin/bash

Then when they login, and you have the DefaultRoot given, it will send them straight to /home/games and there will be no .kde and so on.

Cool

dkc_ace 01-11-2003 08:37 PM

Quote:

Originally posted by MasterC
I would do that by giving them a different home directory in /etc/passwd. Instead of giving them their actual home directory, change it to something like I talked about before with the user1 and user 2 thing, where they have a different home than the user on the system would have normally...

So, maybe their entry in /etc/passwd would be:
user1:x:1000:100::/home/games:/bin/bash

Then when they login, and you have the DefaultRoot given, it will send them straight to /home/games and there will be no .kde and so on.

Cool

Well, I'm putting them on a different Hard such as /hdb1/hdb1/Home

Home is the Home dir for the FTP users. The thing I don't want to have to do is make a copy of everything for different users, such as

user1 for downloading games, user2 for downloading games, but I want user 3 to be able to get to the games and a different web site folder. And I don't want user 1 and 2 getting to the web folder. Thanks. If you need any more info just ask :).

MasterC 01-11-2003 08:48 PM

Sure, you can restrict access by simply removing the execution bit on a folder. Make user3 a member of a different group than user1 and user2 and give execution to group only, not user (other than owner). Execution on a directory means to allow access, so if you take that away, then no-one without the x bit can enter that folder.

Cool
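
Added example (not part of the thread): the directory execute-bit check described in the post above, written as a POSIX shell function so a planned layout can be checked before handing out FTP accounts. The group names ftpgames and ftpweb, the modes, and the function names can_enter, audit_path and verdict are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; users, groups and modes below are constructed.
# can_enter MODE OWNER GROUP USER "USER_GROUPS"
# Exit 0 if USER may enter (search) a directory with this octal MODE.
# Only one class applies: owner first, then group, then other.
# Root, ACLs and parent directories are not modelled.
can_enter() {
    ce_bits=$(( 0$1 )) ce_shift=0
    if [ "$4" = "$2" ]; then
        ce_shift=6                                      # owner class
    else
        for ce_g in $5; do
            if [ "$ce_g" = "$3" ]; then ce_shift=3; fi  # group class
        done
    fi
    # Execute (search) permission is the low bit of the selected class.
    [ $(( (ce_bits >> ce_shift) & 1 )) -eq 1 ]
}

# audit_path DIR USER: the same check against a real directory.
# Assumes GNU stat (-c) and that USER exists on this system.
audit_path() {
    ap_info=$(stat -c '%a %U %G' "$1") || return 2
    set -- "$2" $ap_info          # now: $1=user $2=mode $3=owner $4=group
    can_enter "$2" "$3" "$4" "$1" "$(id -Gn "$1")"
}

# verdict LABEL MODE OWNER GROUP USER "USER_GROUPS": one report line.
verdict() {
    if can_enter "$2" "$3" "$4" "$5" "$6"; then
        echo "$5 -> $1: allow"
    else
        echo "$5 -> $1: deny"
    fi
}

# Constructed layout for the thread's three users:
#   games dir  root:ftpgames  mode 750
#   web dir    root:ftpweb    mode 770
verdict games 750 root ftpgames user1 "users ftpgames"
verdict web   770 root ftpweb   user1 "users ftpgames"
verdict games 750 root ftpgames user3 "users ftpgames ftpweb"
verdict web   770 root ftpweb   user3 "users ftpgames ftpweb"
# The owner class wins even when it is the stricter one:
verdict web   070 user3 ftpweb  user3 "users ftpweb"
```
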

dkc_ace 01-11-2003 09:14 PM

Quote:

Originally posted by MasterC
Sure, you can restrict access by simply removing the execution bit on a folder. Make user3 a member of a different group than user1 and user2 and give execution to group only, not user (other than owner). Execution on a directory means to allow access, so if you take that away, then no-one without the x bit can enter that folder.

Cool

Hey thanks, I got the .KDE folder to stop showing up simply by doing what you said. Thanks a lot, dude.

How would I go about doing this?

I want user3 to be able to edit his web folder, which is in a different dir, /var/www/html/user3/, and I want user3 to be able to see the games and stuff also. How would I go about doing that, seeing how everything is in /hdb1/hdb1/ftp/Home/?


All times are GMT -5.