Problem with Access to directories
Paul Howarth
paul at city-fan.org
Sat Mar 19 10:42:56 UTC 2005
On Fri, 2005-03-18 at 21:10 -0600, B.J. Scott wrote:
> I'm having an issue with vsftpd (on Fedora Core 3)
>
> I have three users: software, games, and music
>
> I made the following directories:
>
> /ftp/software
> /ftp/games
> /ftp/music
>
> and set each user's home directory to the relevant directory with the
> following commands:
>
> useradd -d /ftp/software software
> useradd -d /ftp/games games
> useradd -d /ftp/music music
> (I can't remember the commands; I think that's it, but anyhow, it
> worked)
>
> these accounts are going to be used just for FTPing and downloading the
> respective content; that's why I made their home directories as such.
>
> So ... when the user 'software' ftp's in (from internet explorer, or
> what have you), he is presented with 'software on p4' (a folder mapped
> to a windows share (he can traverse it and download anything in there
> fine)
>
> However, the problem arose when I went to a command prompt (in Windows)
> and ran the following :
>
> ftp ipaddress
> login: software
> password: blahblah**
>
> it logs in fine
>
> the problem is this ... if you type in 'cd ..' it actually takes you
> to the parent directory (/ftp)
> if you do it again, it takes you to root (/)
>
> In my opinion this is a problem. Is there a way to deny a particular
> user access to a particular directory and if not, how would I go about
> securing this? The user 'software' is even able to download from the
> other directories (like /etc)
Look at the first question in the vsftpd FAQ:
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.0.2/FAQ
Q) Can I restrict users to their home directories?
A) Yes. You are probably after the setting:
chroot_local_user=YES
Paul.
--
Paul Howarth <paul at city-fan.org>
More information about the users
mailing list