Re: How to restrict users from serfing around my server via FTP.
I think I read somewhere that certain FTP servers recognize a convention when you have the homedir in the password file changed from /home/luser to /home/luser/./ it becomes chrooted when they log in. Yes, it will try to chroot but fail if the directory structure is wrong. This is a necessary step, but not sufficient ;-) - Aviram Jenik "Addicted to Chaos" - Today's quote: Mars is essentially in the same orbit [as the Earth]... We have seen pictures where there are canals, we believe, and water. If there is water, there is oxygen. If oxygen, that means we can breathe. - J. Danforth Quayle, interviewed on Cable Network News, 11 August 1989 = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: How to restrict users from serfing around my server via FTP.
On Thu, 13 Jan 2000, Mike wrote: BUT !, the configuration can work in GOOD way only on little amount of users. this is becouse you need to copy the etc,lib and bin directories from the anonftp root to each and evry user. i tried to use symbolic links but as i can recall it didn't work. ofcourse, having read the docs, or making a search on deja.com, you would have found that plenty of people before you tried to do the same thing, and got many answers on many news groups (and mailing lists). My question was how to do the same thing , User will NOT be able to view other directories other then their own home directory and will not be able to "travel" to other dirs. if your question was that, then that was what you should have written initially. In other words, the users directory will be his root directory, without the use of anonftp and the etc,bin and lib dirs that need to be copied to it. wuftpd does not support chrooted accounts without the appropriate directory structure - this is how it seems to be. however, no one tells you not to automate the process of creating such accounts... now, just to be sure that it is indeed only your slight lazyness that disabled you from finding this out, i went to deja.com , went to power search, typed in 'ftpd chroot user setup', then clicked on the 'search' button. and then - what a surprise. i saw a large set of letters pertaining to this exact question. one of those contained full documentation (it took about 10 minutes until i got to that letter, after i dismissed several that gave some partial answers out of which i could have formed the complete story, if i wanted to). bellow is the URL to the specific answer i saw - i'm not sure if this link will work for you, but it might: http://x32.deja.com/[ST_rn=ps]/getdoc.xp?AN=443881299.1CONTEXT=947788914.1802895379hitnum=23 if you copypaste it, make sure not to leave in any spaces that might result due to my mail client (or yours) breaking this long line into several lines. so, what are my conclusions: 1. if one is not lazy, and thinks he knows how to read and digest texts, one makes a search in deja.com for answers to such questions. 2. one also never assumes that everything they try to do is new and unique, but rather that many people have done so before, and thus assume there is a good chance of finding an already good reply in various archives of news groups, mailing lists and web sites. 3. one also understands that going to a mailing list with questinos of this sort 1-2 times per week will eventually result anger on the part of other people on that mailing list. 4. one will eventually realize that for everyone's sake (including one's sake), it is much more polite if one learns how to use such search techniques to look for people who already spent time on answering those questions, then asking people to re-create answers that could be found by one in such a (rather short) search. 5. finally, if one receives a polite question via email, regarding one's many posts on the mailing lists, it is only courtesy that one will answer that letter (this is a hint...). guy "For world domination - press 1, or dial 0, and please hold, for the creator." -- nob o. dy = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: How to restrict users from serfing around my server via FTP.
FYI, there were some security warning on wu-ftp-'old-versions', one or two month ago. Upgrade to wu-ftp-2.6.0-something Sorry, but I don't know where to find it. hth -- Meir Mike wrote: Hi list. I just installed WU-FTPD 2.5.0 and have some problems with restriction of users. I add the guestgroup directive with all my "guest" users groups but when i tried to enter the server i did not saw any library. Now, i think that the problem happened becouse i DO NOT have a anonymous FTP server. I do not want to install an anonymous ftp server (i just want wu-ftpd) so my question is how can i restrict users from traveling around my HD without it. Thanks, Mike = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: How to restrict users from serfing around my server via FTP.
If you use RH you can get the patch in RPM from the errata page (the one with the security patches) Chen Shapira [EMAIL PROTECTED] print pack"C*",split/\D+/,`echo "16iII*o\U@{$/=$z;[(pop,pop,unpack"H*", )]}\EsMsKsN0[lN*1lK[d2%Sa2/d0X+d*lMLa^*lN%0]dsXx++lMlN/dsM0J]dsJxp"|dc` = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: How to restrict users from serfing around my server via FTP.
Hi. Let me explain several things... First of all, thanks to all those who reply to my question :-). Secound, I know how to do it in WU-FTPD with anonftp configuration, and it works ok. BUT !, the configuration can work in GOOD way only on little amount of users. this is becouse you need to copy the etc,lib and bin directories from the anonftp root to each and evry user. i tried to use symbolic links but as i can recall it didn't work. My question was how to do the same thing , User will NOT be able to view other directories other then their own home directory and will not be able to "travel" to other dirs. In other words, the users directory will be his root directory, without the use of anonftp and the etc,bin and lib dirs that need to be copied to it. Thanks, Mike - Original Message - From: "Tzafrir Cohen" [EMAIL PROTECTED] To: "Mike" [EMAIL PROTECTED] Sent: Thursday, January 13, 2000 9:23 AM Subject: Re: How to restrict users from serfing around my server via FTP. Just one more thing: on RH (at least) the anonftp package includes the ffiles you need for the chroot environment (stuff under /home/ftp). This is also needed for guest access. Then all you have to do is disable "annonymous" and "real" access, and create accounts for the "guest"s never tried it, though Mike wrote: Hi list. I just installed WU-FTPD 2.5.0 and have some problems with restriction of users. I add the guestgroup directive with all my "guest" users groups but when i tried to enter the server i did not saw any library. Now, i think that the problem happened becouse i DO NOT have a anonymous FTP server. I do not want to install an anonymous ftp server (i just want wu-ftpd) so my question is how can i restrict users from traveling around my HD without it. Thanks, Mike -- Tzafrir Cohen mailto:[EMAIL PROTECTED] http://techunix.technion.ac.il/~tzafrir = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
RE: How to restrict users from serfing around my server via FTP.
I just installed WU-FTPD 2.5.0 and have some problems with restriction of users. Pull the ethernet cable from the computer, that'll restrict them. I add the guestgroup directive with all my "guest" users groups but when i tried to enter the server i did not saw any library. The reasonable way to ask this question is to attach a copy of your ftpaccess file so we'll see what went wrong and be able to help you. You *do* know what is the ftpaccess file is, right? Now, i think that the problem happened becouse i DO NOT have a anonymous FTP server. Oh, boy! You didn't read the doc's did you? you didn't search the net. probably didn't look anywhere. You are so dead wrong here that I feel like laughing. Do yourself a favor, don't humiliate yourself in public and think before asking. WU-Ftpd is ftp server which can be anonymous or not as you configure it. I do not want to install an anonymous ftp server (i just want wu-ftpd) so my I hate mentioning the obvious, but wu-ftpd allows anonymous and logged access depending on the configuration. question is how can i restrict users from traveling around my HD without it. Oh, they are restricted alright, what you want is to make them less restricted and let them see something. Conclusion: 1. If you'd bother to read the WUFTPD fine manuals you'd know what to do, and you'd save yourself some public humiliation. 2. If you don't read the doc, atleast make sure your question makes sense and that you know what an ftp server is. 3. I might overlook your stupidity and help anyway if the ftpaccess file was attached. Chen Shapira [EMAIL PROTECTED] Queen Isabella where are you today? The new Chris. Colombus is wasting away. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: How to restrict users from serfing around my server via FTP.
"Mike" [EMAIL PROTECTED] writes: all you could do is to tell me to read the HOWTO. That's the point: we shouldn't ;-) -- Oleg Goldshmidt | BLOOMBERG L.P. (BFM) | [EMAIL PROTECTED] "... We work by wit, and not by witchcraft; And wit depends on dilatory time." - W. Shakespeare. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]
Re: How to restrict users from serfing around my server via FTP.
Hi Hetz The thing is that i KNOW how to do it. the way that the wu-ftpd works is by applying the guest restrictions to the users. However they said there that it uses the anonymous ftp settings. Well, i DO NOT want to open unneccery ftp account (anonymous in that case) due to security issues. i know that there other ways to restrict users from seeing other users libraries and such. If anyone has a better/simple way to do that then please let me know. Mike - Original Message - From: "Hetz Ben Hamo" [EMAIL PROTECTED] To: "Mike" [EMAIL PROTECTED] Sent: Tuesday, January 11, 2000 12:50 PM Subject: Re: How to restrict users from serfing around my server via FTP. Hi Mike, Don't take it that seriously, people here are laughing sometimes (they did to me to also few time).. Anyway, the best way if you want can be to install ncftpd (but it's commercial) - its a great FTP daemon program and does exactly what u need very easily. Thanks Hetz Mike wrote: You know, all i asked is a simple question. all you could do is to tell me to read the HOWTO. and BTW, i did and i know how to do it, however this time it didn't worked... Next time please do not insult me, or better simply DO NOT reply to my question. Thanks for nothing Mike - Original Message - From: "Chen Shapira" [EMAIL PROTECTED] To: "'Mike'" [EMAIL PROTECTED]; "Linux-il" [EMAIL PROTECTED] Sent: Tuesday, January 11, 2000 11:39 AM Subject: RE: How to restrict users from serving around my server via FTP. I just installed WU-FTPD 2.5.0 and have some problems with restriction of users. Pull the Ethernet cable from the computer, that'll restrict them. I add the guestgroup directive with all my "guest" users groups but when i tried to enter the server i did not saw any library. The reasonable way to ask this question is to attach a copy of your ftpaccess file so we'll see what went wrong and be able to help you. You *do* know what is the ftpaccess file is, right? Now, i think that the problem happened becouse i DO NOT have a anonymous FTP server. Oh, boy! You didn't read the doc's did you? you didn't search the net. probably didn't look anywhere. You are so dead wrong here that I feel like laughing. Do yourself a favor, don't humiliate yourself in public and think before asking. WU-Ftpd is ftp server which can be anonymous or not as you configure it. I do not want to install an anonymous ftp server (i just want wu-ftpd) so my I hate mentioning the obvious, but wu-ftpd allows anonymous and logged access depending on the configuration. question is how can i restrict users from traveling around my HD without it. Oh, they are restricted alright, what you want is to make them less restricted and let them see something. Conclusion: 1. If you'd bother to read the WUFTPD fine manuals you'd know what to do, and you'd save yourself some public humiliation. 2. If you don't read the doc, atleast make sure your question makes sense and that you know what an ftp server is. 3. I might overlook your stupidity and help anyway if the ftpaccess file was attached. Chen Shapira [EMAIL PROTECTED] Queen Isabella where are you today? The new Chris. Colombus is wasting away. = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED] = To unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]