wu-ftpd question(s) 1

[roeiboot]

oi,

i got wu-ftpd up & running.. problem i have is that users can browse around on my whole Linux partition.. how do i keep users inside a certain directory ?? i was using Webmin to configure the ftp-server but i might be better of checking out the real config files ??

thanks in advance.

 

[blizz]

Hi,

You could chmod 711 the folders/directories on the partition that you do not wish to allow browsing. Blizz

http://www.blizzards.info

 

[roeiboot]

(silly question) what does "chmod 711" do with a directory.. and should i do this on every dir users are no allowed to go into, seems like quite some work, isn't there an easier solution ??

thanks.

 

[blizz]

Hi,

711 = sets the "permission" for a directory that allows, you the owner, full read/write/execute access to all files within a directory. All others can neither read nor write files within the directory.

Take a look here->

http://www.wu-ftpd.org/HOWTO/guest.HOWTO

Either way you will have to do a little work..... Blizz

http://www.blizzards.info

 

[roeiboot]

(don't mind some work but.. i got my user-dirs under /home/ ..i want them to stay either in /home/ or in their own dir, problem is that they can go up a dir.. when i limit the /home/ dir they can't get in at all.

 

[dawookie]

IIRC under wuftpd you could place a /./ in the users home directory field of the passwd file to limit them to only directories below the /./

For example /home/./user would not allow the user to go to any directory above /home/user

This may have changed or you may need to edit a config file or 2. It worked when I was using WU
Cheers

man(1) is your friend

 

[aixmurderer]

Try putting this in you /etc/ftpaccess file:

restricted-uid *

One catch, it restricts everyone to their home directory. It's not a very robust chroot, so if the users are potential hackers it's worth it to go the full guest chroot way. IBM Certified Confused - MQSeries
IBM Certified Flabbergasted - AIX 5 pSeries System Administration

 

[roeiboot]

aixmurderer,

yeah, that kinda works.. can i do this so that the users can go one dir higher ?? because one dir higher is the 'upload' dir.

plus.. i made the users with 'adduser'.. so in every user-dir there is a Desktop directory.. can i make that hidden ?

thanks alot.

 

[roeiboot]

dawookie,

tried this.. and it seems to be not working, this would be a great solution for my 'issue'.

 

[dawookie]

There is a Howto on the WU-ftpd site

http://www.wu-ftpd.org/HOWTO/guest.HOWTO

Like I said in my previous answer it has been a while since I used WU-ftpd. Cheers

man(1) is your friend

 

[roeiboot]

thanks buddy.. i will (for a change RTFM :}}

 

[fluid11]

DO NOT do this --> "chmod 711 the folders/directories on the partition that you do not wish to allow browsing". Sorry, but this is very bad advice. Recursively changing permission in the entire filesystem is never recommended. Permissions are set the way they are for a reason. This could wreck your server.

All you need to do is set up a chroot environment in Wu-FTP. A chroot environment (or chroot jail) allows you to select a directory that will be the root of the filesystem for users logging into the FTP server. This means that if you say that the chroot directory is going to be /home, then any users logging in will see /home as / and will not be able to go any higher.

I don't use Wu-FTP, so I can't give you specific advice on how to do this, but if you want to give ProFTPd a shot,

http://www.proftpd.org,

let me know because I know it well.


ChrisP

 

[roeiboot]

i installed ProFTPd.. but all kinda things go wrong, i unpacked the program and ran ./configure. seem to work but for some reason i cannot even find the proftpd.conf file.. mostly due to me being a newbie i guess.

 

[fluid11]

ProFTPd is easy to install. For a basic installation, do this.

tar zxvf proftpd-x.x.x.tar.gz -C /usr/local/src/
cd /usr/local/src/proftdp-x.x.x
./configure --prefix=/usr/local/proftpd
make
make install


The proftpd.conf file should reside in /usr/local/proftpd/etc/proftpd.conf, if you follow the installation instructions above.


ChrisP

 

[roeiboot]

works sofar.. no i'm just wondering when i start the ftp server it keeps saying "500 server shutdown" while with 'ps -ef' i see ftpd is running & ready for connections.

 

[fluid11]

You have to disable Wu-FTPd before you start ProFTPD, or change the port that one of them runs on. They are both trying to listen on port 21.


ChrisP

 

[roeiboot]

forget my last message.. there was a shutmsg <oops> anyway, how do i setup a chroot env.

what i would want: regular users end up in their home-dir,
some users who have a website end up in their

http://www-dir

and perhaps should be able to also goto theur home-dir.. one user (me should be able to access all dirs if possible.

i know i want alot, but i also know that Linux can do alot :}

last thing, how do i nice & neatly remove WU-FTPd, or at least make sure it doesn't interfere with ProFTPd, it doesn't start from inetd.conf because i don't have a inetd.conf..

thx.

 

[fluid11]

Do me a favor and post this in a new thread since its a completely different topic now. I'll answer your question after work, unless someone beats me to it.