ffi Posted August 5, 2006 Report Share Posted August 5, 2006 Hi, i want to let some people have access to some files but I want to make it impossible (as far as possible) for the outside to have access to any other dir, how do I do this? I use ftpd. Quote Link to comment Share on other sites More sharing options...
Urza9814 Posted August 5, 2006 Report Share Posted August 5, 2006 (edited) This is all for ProFTPD...I don't know if there's a difference: There's an option in the config file where you can lock them into a directory. I would suggest making a separate user account, lock them into that user's home directory, and, if needed, set all the files to be owned by root and give read-only access. If you're in webmin, the option is under 'Files and Directories'....you can limit to their home directory or to any other directory (so you could create a /ftp/ directory for example).... Here's the setting in the config file (line 33): # To cause every FTP user to be "jailed" (chrooted) into their home # directory, uncomment this line. #DefaultRoot ~ just replace that ~ with whatever directory you want if you don't want it to be the home directory. Edited August 5, 2006 by Urza9814 Quote Link to comment Share on other sites More sharing options...
ianw1974 Posted August 6, 2006 Report Share Posted August 6, 2006 The most easiest is to create a user for each one, and then they can use their own username/password to connect over ftp. Then they'll be restricted to where there directories are. Make sure you chroot the users, so that they stay in /home/username, and not allowed to go to /home or even /. That way you won't need to screw around too much with permissioning on the rest of the system. Quote Link to comment Share on other sites More sharing options...
ffi Posted August 6, 2006 Author Report Share Posted August 6, 2006 Thanks for the answers but how do I prevent people from trying to get access to my home? Quote Link to comment Share on other sites More sharing options...
Urza9814 Posted August 6, 2006 Report Share Posted August 6, 2006 (edited) Just follow the advice in either of these posts. It'll lock them into their home directory (or any other directory of your choosing), so they won't be able to access yours. Though they won't have permission for any of the files in your home anyways... Edited August 6, 2006 by Urza9814 Quote Link to comment Share on other sites More sharing options...
ianw1974 Posted August 7, 2006 Report Share Posted August 7, 2006 If you chroot them with a command in the ftp config file, they'll never be able to get out of their own home directory. Besides, even if they could, they still couldn't get into your home directory. I'd still chroot them for additional security. If you haven't already, do: urpmi drakwizard and then you can go through the ftp config wizard for proftpd if you've got this one installed. There is an option here to enable chroot, which will save you manually editing the config file. Quote Link to comment Share on other sites More sharing options...
tyme Posted August 7, 2006 Report Share Posted August 7, 2006 ftp is bad. you should set up an ssh server and have them use sftp instead - ssh is much more configurable and ftp sends username/password in clear text - making it a simple matter of grabbing packets to get that information. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.