
Secure FTP / Restricted Root

Status
Not open for further replies.

mhamilton3

Programmer
Oct 31, 2001
129
Hello,
I have to set up a secure FTP on my FreeBSD server. To do this, I have to give the user I create shell privileges. First, is there any way to avoid that? Second, assuming there is no way to avoid that, is there a way to restrict where they go? Right now, they do not have permissions to do much, but they can see everything. I want the user to be restricted to their directory and nothing else. I will take any suggestions you have. Thanks

- Mark
 
man chroot

It puts the user to a fake-root-filesystem with very restricted access - depending on your installation. Everything outside the specified root dir isn't accessible for the users, including /etc /lib /bin /usr/bin ... so some basic binaries and libs must be copied to the chroot-dir.

 
Pardon my ignorance, but how does chroot stop users from seeing the box when coming in through secure ftp (SSH)?
 
man chroot

Hope This Helps, PH.
Want to get great answers to your Tek-Tips questions? Have a look at FAQ219-2884 or FAQ222-2244
 
Put the chroot in your profile for users coming in via tty. When you run chroot to, say, a user's home directory, they can't see anything above the directory you specify when you chroot.
 
Thanks nawlej,
I should have mentioned in my original message that I am a Unix / Sysadmin neophyte. I am a programmer who occasionally has to do sysadmin type stuff.

I will look up modifying the user's profile, thanks.

- Mark
 

Simple steps to setting up your system to allow SFTP but not shell access:

1) add /usr/libexec/openssh/sftp-server to your /etc/shells
2) change the users' shell in /etc/passwd to /usr/libexec/openssh/sftp-server


Do a locate sftp-server on a non-redhat system if it's not located in /usr/libexec/openssh. sftp-server is openssh's secure ftp subsystem. Setting it as the users' shell lets them transfer files, but they can't get a shell.
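
A check for the two steps in the post above, as an added example that is not part of the original thread: it reads copies of the passwd and shells files and reports whether an account's login shell is sftp-server and whether that path is listed. The function names, the `xfer` and `dev` accounts and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audits the two steps above against copies of passwd/shells.
SFTP_SERVER=/usr/libexec/openssh/sftp-server   # path from the post; varies by system

# shell_listed SHELLS_FILE PATH: true if PATH is an exact, uncommented line (step 1)
shell_listed() { grep -Fxq -- "$2" "$1"; }

# login_shell PASSWD_FILE USER: prints field 7; fails if USER has no entry
login_shell() {
    awk -F: -v u="$2" '$1 == u { print $7; found = 1; exit }
                       END { if (!found) exit 1 }' "$1"
}

# sftp_only_status PASSWD_FILE SHELLS_FILE USER
# prints: ok | no-such-user | shell-not-sftp:<shell> | not-in-shells
sftp_only_status() {
    user_shell=$(login_shell "$1" "$3") || { echo "no-such-user"; return 2; }
    if [ "$user_shell" != "$SFTP_SERVER" ]; then      # step 2 not applied
        echo "shell-not-sftp:$user_shell"; return 1
    fi
    if ! shell_listed "$2" "$SFTP_SERVER"; then       # step 1 not applied
        echo "not-in-shells"; return 1
    fi
    echo "ok"
}

# Constructed sample files (not taken from a real system).
DEMO=$(mktemp -d) && trap 'rm -rf "$DEMO"' EXIT
cat > "$DEMO/passwd" <<'EOF'
root:*:0:0:Charlie Root:/root:/bin/csh
xfer:*:1001:1001:SFTP only:/home/xfer:/usr/libexec/openssh/sftp-server
dev:*:1002:1002:Developer:/home/dev:/bin/sh
EOF
printf '%s\n' '# constructed' /bin/sh /bin/csh "$SFTP_SERVER" > "$DEMO/shells"
printf '%s\n' '# constructed' /bin/sh /bin/csh "#$SFTP_SERVER" > "$DEMO/shells.missing"

# Report each sample account, including one with no passwd entry.
for u in xfer dev ghost; do
    printf '%s: %s\n' "$u" "$(sftp_only_status "$DEMO/passwd" "$DEMO/shells" "$u")"
done
```

On a live system, pass /etc/passwd and /etc/shells as the first two arguments. An sftp-server login shell only removes the interactive shell; it does not confine the account to its home directory, which is what the chroot replies in this thread address.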
 