[OLUG] restricted ftp server

Tim Russell russell at probe.net
Fri Apr 21 14:17:12 UTC 2000


Hmm - keep up to date on the ProFTPD updates - I'm not terribly impressed
with the number of security vulnerabilities I've seen come out of that
program.

People who used to have Probe web accounts will know that our webserver was
set up so that every user on the system was locked into their personal
webspace when they FTP'd in.  I really wish Radiks would set this up, but as
it is I can romp all over their webserver once I FTP in with my own login.
Ah well.

What I did was create an adduser script for web accounts.  I made a
"template" directory that was basically of the same structure as that
anonymous FTP home directory - including the shared libraries needed,
welcome message, etc.  Then, to create a new user, the script would create
their home directory and "public_html" directory, plus hard links to
everything needed in the template directory - to save disk space.

Everybody who was to be treated in this way was put into the group
"ftponly", and then I just included a "guestgroup ftponly" directory in
wuftpd's config file.  Done.

Let me know if anyone is really interested in this and I can cook up a
script again.

Tim #1

----- Original Message -----
From: "Quinn Coldiron" <qcoldiron at yahoo.com>
Subject: [OLUG] restricted ftp server


> I've got a RH 6.0 box running wu-ftpd.  I would like to make a certain
user
> account have access ONLY to his home directory.  I don't want him to be
able to
> get out of that directory while he is ftp'd into the server.  How can I do
> that?
>
> It's OK if he make subdirectories, but I don't want him to be able to move
"up"
> into /etc, /usr and others.



-------------------------------------------------------------------------
Sent by OLUG Mailing list Manager, run by ezmlm.  http://olug.bstc.net/ 
To unsubscribe: `echo unsubsribe | mail olug-unsubscribe at bstc.net` 



More information about the OLUG mailing list