Hello,
I have setup a centos server running 5.5 and I have a problem with the FTP settings.
Currently I have two FTP accounts based on that server, they lead to:
/home/bella /home/carmen
Currently the FPT accounts starts in the home directory when they are logged in. But they are able to see all directories on the server. What can I do to make sure they cant come out of there home directory?
If you are using proftpd, you have to add this line to the config file:
DefaultRoot ~
More info at:
http://www.proftpd.org/docs/directives/linked/config_ref_DefaultRoot.html
Regards.
On 14-03-2011 14:27, Huib Laurens wrote:
Hello,
I have setup a centos server running 5.5 and I have a problem with the FTP settings.
Currently I have two FTP accounts based on that server, they lead to:
/home/bella /home/carmen
Currently the FPT accounts starts in the home directory when they are logged in. But they are able to see all directories on the server. What can I do to make sure they cant come out of there home directory?
-- Regards, Huib "Abigor" Laurens
Support Free Knowledge: http://wikimediafoundation.org/wiki/Donate
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Mon, Mar 14, 2011 at 1:27 PM, Huib Laurens sterkebak@gmail.com wrote:
Hello,
I have setup a centos server running 5.5 and I have a problem with the FTP settings.
Currently I have two FTP accounts based on that server, they lead to:
/home/bella /home/carmen
Currently the FPT accounts starts in the home directory when they are logged in. But they are able to see all directories on the server. What can I do to make sure they cant come out of there home directory?
-- Regards, Huib "Abigor" Laurens
Support Free Knowledge: http://wikimediafoundation.org/wiki/Donate
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
It depends on the FTP server software you use. If you are using VSFTP, then you want to add or uncomment the following line in /etc/vsftpd/vsftpd.conf chroot_local_user=YES Save the changes. Restart VSFTPD. This will jail the user to their home directory. Taken from: http://centoshacker.com/kabir/remove-access/creating-a-chroot-jail-enabled-f...
If you use ProFTPD (which is what I use), then follow this guide: http://www.proftpd.org/docs/howto/Chroot.html
Josh
On Mon, 2011-03-14 at 13:32 -0400, Josh wrote:
It depends on the FTP server software you use. If you are using VSFTP, then you want to add or uncomment the following line in /etc/vsftpd/vsftpd.conf chroot_local_user=YES Save the changes. Restart VSFTPD. This will jail the user to their home directory. Taken from: http://centoshacker.com/kabir/remove-access/creating-a-chroot-jail-enabled-f...
But do read the .conf file
------------ # You may specify an explicit list of local users to chroot() to # their home directory. # If chroot_local_user is YES, then this list becomes a list of # users to NOT chroot(). # (default follows) # chroot_list_file=/etc/vsftpd/chroot_list ------------
You can, instead, add the users name to the "chroot_list_file". Then don't active "chroot_local_user=YES". I use the file and have these lines active in vsftpd.conf
chroot_list_enable=YES chroot_list_file=/etc/vsftpd/chroot.list
With best regards,
Paul. England, EU.
On Mon, Mar 14, 2011 at 1:27 PM, Huib Laurens sterkebak@gmail.com wrote:
Hello,
I have setup a centos server running 5.5 and I have a problem with the FTP settings.
Currently I have two FTP accounts based on that server, they lead to:
/home/bella /home/carmen
Currently the FPT accounts starts in the home directory when they are logged in. But they are able to see all directories on the server. What can I do to make sure they cant come out of there home directory?
-- Regards, Huib "Abigor" Laurens
First things first. *DO NOT* use FTP. It's a blatantly insecure protocl and passes passwords, and data, in the clear.
Second, if you *MUST* use FTP, do not use it with normal usernames and passwords.
Third, if you *MUST* use FTP, use FTPS which SSL tunnels the connections.
Fourth, read the manual page on the "vsftpd" server. In particulare, review this:
chroot_list_enable If activated, you may provide a list of local users who are placed in a chroot() jail in their home directory upon login. The meaning is slightly different if chroot_local_user is set to YES. In this case, the list becomes a list of users which are NOT to be placed in a chroot() jail. By default, the file containing this list is /etc/vsftpd.chroot_list, but you may override this with the chroot_list_file setting. Default: NO
Hello,
Its fixed now, it seems to be it was a easy fix and I was kind of waisting your time, but thanks for the answers. I did google it and couldn't get a good answer.
@ Nico Kadel-Garcia
Currently this server is setup for back-up the our other 3 servers and people can get FTP for backing-up there site. I prefer FTP because people *know* FTP, when I give them something different to use there is a change they are scared and will not use it.
Best,
Huib
2011/3/14 Nico Kadel-Garcia nkadel@gmail.com
On Mon, Mar 14, 2011 at 1:27 PM, Huib Laurens sterkebak@gmail.com wrote:
Hello,
I have setup a centos server running 5.5 and I have a problem with the
FTP
settings.
Currently I have two FTP accounts based on that server, they lead to:
/home/bella /home/carmen
Currently the FPT accounts starts in the home directory when they are
logged
in. But they are able to see all directories on the server. What can I do
to
make sure they cant come out of there home directory?
-- Regards, Huib "Abigor" Laurens
First things first. *DO NOT* use FTP. It's a blatantly insecure protocl and passes passwords, and data, in the clear.
Second, if you *MUST* use FTP, do not use it with normal usernames and passwords.
Third, if you *MUST* use FTP, use FTPS which SSL tunnels the connections.
Fourth, read the manual page on the "vsftpd" server. In particulare, review this:
chroot_list_enable If activated, you may provide a list of local users who are placed in a chroot() jail in their home directory upon login. The meaning is slightly different if chroot_local_user is set to YES. In this case, the list becomes a list of users which are NOT to be placed in a chroot() jail. By default, the file containing this list is /etc/vsftpd.chroot_list, but you may override this with the chroot_list_file setting. Default: NO