[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: [LI] FTP restrictions...

To: linux-india@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [LI] FTP restrictions...
From: "Binand Raj S." <binand@xxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 9 Nov 1999 19:26:55 +0530
In-reply-to: <015501bf2a66$971611e0$0b01a8c0@destinationin.com>
References: <004801bf298f$1d3d9320$bd52c5cb@m1> <38274ACC.8747CBE@SoftHome.net> <38274A5F.459A2068@netscape.com> <015501bf2a66$971611e0$0b01a8c0@destinationin.com>
Reply-to: linux-india
Sender: owner-linux-india@xxxxxxxxxxxxxxxxxxxxx
User-agent: Mutt/0.96.6i

R Manoj forced the electrons to say:
> Hello Thaths,
> I tried your suggestion to prevent the user from browsing anyother directory
> than his/her home dir while FTP. But it doesn't work.
> The line in my /etc/passwd is like this :-
> user_login::511:100::/home/user_login/./:/bin/false
> 
> But still the user is able to browse all the file systems. Am i missing
> something else ? I am using RH 5.2 with FTP server (version
> wu-2.4.2-academ[BETA-18] ) .
> 
> Thanks a lot,
> Manoj.
> 

Actually, this is slightly more complicated than this.

A step by step instruction set:

Let us assume you want to create a user ftponly to have only ftp access
to his account on your linux machine. Go through the following steps.

1. Add the user (using linuxconf, let us say). Set his shell as /bin/false.

2. Add /bin/false to /etc/shells.

3. Edit /etc/passwd and change the line of ftponly to:

ftponly:<passwd>:uid:gid:OnlyFTP:/home/ftponly/.//:/bin/false
(note the new and improved home field)

4. If you are using RHL, then the group of ftponly is also ftponly. So
add the line

guestgroup ftponly ftponly

to /etc/ftpaccess.

Create the directories /usr/ftponly/{bin,etc,lib} and the files inside
them.  You can (and should) use the anonymous ftp login's home directory
for the required files and permissions.

Since ftpd runs from inetd, the whole setup is complete. Test the new
ftponly login that you have created and release it to the user.

Note: The whole procedure is RHL and WU-FTPD specific. See man ftpaccess
for more details of the ftpaccess file.

More to note: Any further user can be added to this restricted set
by setting his group as ftponly and setting up his home as for the
first user.

Binand

-- 
#include <stdio.h>                                   | Binand Raj S.
char *p = "#include <stdio.h>%cchar *p = %c%s%c;     | This is a self-
int main(){printf(p,10,34,p,34,10);return 0;}%c";    | printing program.
int main(){printf(p,10,34,p,34,10);return 0;}        | Try it!!
--------------------------------------------------------------------
The Linux India Mailing List Archives are now available.  Please search
the archive at http://lists.linux-india.org/ before posting your question
to avoid repetition and save bandwidth.

Follow-Ups:
- Re: [LI] FTP restrictions...
  - From: Sudhakar Chandrasekharan

References:
- [LI] Fw: FTP not started
  - From: Praveen
- [LI] FTP restrictions...
  - From: Sunit Mathur
- Re: [LI] FTP restrictions...
  - From: Sudhakar Chandrasekharan
- Re: [LI] FTP restrictions...
  - From: R Manoj

Prev by Subject: Re: [LI] FTP restrictions...
Next by Subject: Re: [LI] FTP restrictions...
Previous by thread: Re: [LI] FTP restrictions...
Next by thread: Re: [LI] FTP restrictions...
Index(es):
- Subject
- Thread