need chroot help

frozenpeas

Technical User
Sep 13, 2001
893
CA
Hi,

I am running RH 7.0 and ProFTPd 1.2.4.

When users login, I want to keep them from moving above their own directory (/home/username/). I think this can be done with chroot but I have no idea how.

Can someone give me a walkthrough?

Thanks.
 
That can also be done with rsh.

Or don't let them have shell access at all; make their shell whatever application they need to run if that's appropriate.

Setting up a chroot environment involves making a directory that has the necessary files under it to work: /etc/passwd (generally modified from the original), necessary libraries etc.

describes doing this for a sendmail "user"; the same concepts apply to any user.


A more generic treatment is
A search for "linux chroot how-to" will turn up many others.
Tony Lawrence
SCO Unix/Linux Resources tony@pcunix.com
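
The directory layout described in the post above (binary, the libraries it needs, a trimmed /etc/passwd), as an added example that is not part of the original post. The jail path, user name, UID/GID and choice of binary are constructed sample values; the script only builds and checks the tree, and the chroot itself (which needs root) is not performed.

```shell
#!/bin/sh
# Build a minimal chroot tree: one binary, the shared libraries it links
# against, and a trimmed /etc/passwd that lists only the jailed user.
# Run ldd only on binaries you trust: some implementations execute the file.

# Print absolute paths of the shared objects a binary needs. Handles both
# "libc.so.6 => /lib/libc.so.6 (0x...)" and the bare loader line
# "/lib64/ld-linux-x86-64.so.2 (0x...)"; "not found" entries are skipped.
list_libs() {
    ldd "$1" 2>/dev/null | awk '
        $2 == "=>" && $3 ~ /^\// { print $3 }
        $1 ~ /^\//               { print $1 }'
}

# Copy a host file into the jail at the same path, following symlinks.
copy_into_jail() {
    jail=$1; src=$2
    mkdir -p "$jail$(dirname "$src")" && cp -L "$src" "$jail$src"
}

# build_jail JAIL USER BINARY
build_jail() {
    jail=$1; user=$2; bin=$3
    mkdir -p "$jail/etc" "$jail/home/$user" || return 1
    copy_into_jail "$jail" "$bin" || return 1
    for lib in $(list_libs "$bin"); do
        copy_into_jail "$jail" "$lib" || return 1
    done
    # Trimmed passwd: only the jailed user, nothing copied from the host
    # file. UID/GID 1000 are placeholders.
    printf '%s:x:1000:1000::/home/%s:%s\n' "$user" "$user" "$bin" \
        > "$jail/etc/passwd"
    chmod 644 "$jail/etc/passwd"
}

# Print every library the binary needs that is absent from the jail;
# prints nothing when the jail is complete.
missing_libs() {
    jail=$1; bin=$2
    for lib in $(list_libs "$bin"); do
        [ -e "$jail$lib" ] || echo "$lib"
    done
}

# Usage (as root, once the tree is built):
#   build_jail /srv/jail ftpuser /bin/sh && chroot /srv/jail /bin/sh
```

A non-empty result from missing_libs is the usual reason a program fails to start inside a chroot with a misleading "No such file or directory" error.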
 
An easy way to do this is to use the -r option for
bash if they are using this shell.
bash -r restricts any number of things that they can do.
 
There is an easier way.... You're using ProFTPD...

Well in my proftpd.conf file I added this to my global (showing you the whole thing):

<Directory /*>
AllowOverwrite off
HideGroup root
<Limit ALL>
IgnoreHidden on
</Limit>
</Directory>

The HideGroup option hides anything that has a group of root. If you ONLY add that, the files will appear to be invisible but are still susceptible to any commands like copy, erase, etc.... So I added the Limit.

<Limit ALL> is the option that limits commands... you can specify certain commands but for my root files ALL is good.

The IgnoreHidden command tells it to ignore the command for the hidden files.

Now when someone logs in.. They change the directory up to /Home (for me) they can see all the other home users but by permissions they can't access the other directories. If they try to go up again they get the access denied as well as if they physically type it in there.

If you serve an anonymous ftp server I would also add the HiddenGroup and Limit in the Anonymous section of the proftpd.conf file. Don't forget to restart the ftp server after you make changes.

Here is a site with all of the ProFtpd Directives:

Good Luck :)
Bill
 