> Subject: Preventing a user from moving "up" directories
>
> I am in the process of setting up a new server. In the process I cannot
> remember what I need to set so that an FTP user cannot move upward in
> the directory tree of the user's directory. The FTP server is VSFTP.
> The user's directory is owned by the user and the permissions are 775.
>
> Isn't there a setting in httpd.conf to prevent that?
>
> Todd
>

I dunno about httpd.conf yet...

In /etc make a file called vsftpd.chroot_list and put the people in it
that can ftp in and go up the tree

Depending on config, /etc/vsftpd.user_list are typically users that
are not allowed to ftp in under any circumstances.

Look at the config file and that file to get more info

If userlist_deny=NO, only allow users in this file
If userlist_deny=YES (default), never allow users in this file, and
do not even prompt for a password.
Note that the default vsftpd pam config also checks /etc/vsftpd.ftpusers
for users that are denied.

Then... go into /etc/vsftpd/vsftpd.conf and you should be able to figure
out the rest

Then at the end of the file mine looks like this... I don't recall where
I got the info or if it was intuitive

chroot_local_user=YES
#
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES

pam_service_name=vsftpd
userlist_enable=YES
#enable for standalone mode
listen=YES
tcp_wrappers=YES

as a side note, when I create shell accounts that can only ftp in I
usually call the shell /bin/ftponly and I put a reference to it in
/etc/shells at the end

that way they cannot ssh in or whatever

 - rh

--
Robert - Abba Communications
Computer & Internet Services
(509) 624-7159 - www.abbacomm.net

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
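
The chroot and user-list options quoted in the reply interact, so here is an added example (not part of the original message and not vsftpd's own code) that evaluates them for a given user. The sample config, the user names and the list contents are constructed for illustration; the PAM check against /etc/vsftpd.ftpusers is not modelled.

```python
# Added example: evaluates the vsftpd options quoted in the reply above.
# SAMPLE_CONF, CHROOT_LIST and USER_LIST are constructed sample data.

def parse_conf(text):
    """Parse vsftpd.conf text: 'option=value' lines; '#' begins a comment line."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key] = value
    return conf

def enabled(conf, key, default=False):
    """Read a boolean option, falling back to the default when it is unset."""
    value = conf.get(key)
    return default if value is None else value.upper() in ("YES", "TRUE", "1")

def is_chrooted(conf, user, chroot_list):
    """True if a local user is confined to their home directory."""
    everyone = enabled(conf, "chroot_local_user")
    if not enabled(conf, "chroot_list_enable"):
        return everyone
    listed = user in chroot_list
    # chroot_local_user=YES: the list names the exceptions (NOT chrooted).
    # chroot_local_user=NO:  the list names the users that ARE chrooted.
    return not listed if everyone else listed

def login_allowed(conf, user, user_list):
    """Apply userlist_enable / userlist_deny (default YES) to one user name."""
    if not enabled(conf, "userlist_enable"):
        return True
    listed = user in user_list
    return not listed if enabled(conf, "userlist_deny", default=True) else listed

SAMPLE_CONF = """\
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
#ls_recurse_enable=YES
userlist_enable=YES
"""
CHROOT_LIST = {"admin"}  # constructed: may move up out of the home directory
USER_LIST = {"root"}     # constructed: denied while userlist_deny=YES

if __name__ == "__main__":
    conf = parse_conf(SAMPLE_CONF)
    for user in ("todd", "admin", "root"):
        print(user, "chrooted:", is_chrooted(conf, user, CHROOT_LIST),
              "login allowed:", login_allowed(conf, user, USER_LIST))
```

Flipping chroot_local_user to NO while leaving chroot_list_enable=YES inverts the meaning of the list file, which is the easiest way to end up with the wrong users confined.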