Okay, I got out the ole book(s) and found the answer to the first part
of my question which was how to restrict the user during FTP.

It seems that adding   guestgroup <groupname>  to the  etc/ftpaccess
file will allow the setting of the user's root directory during FTP.
The user is given normal anonymous privileges plus whatever you want
to grant or deny in the  ftpaccess  file and the directory modes.  The
user's login home directory is then set in the password file slightly
differently than the normal entry.

Let's say the directory we want him to use is /home/ftp/user/user1.
The entry in the password file is:
/home/ftp/user/./user1
The dot between  user/  and  /user1  tells Linux to make
/home/ftp/user   the root for this user and  /home/ftp/user/user1  the
login home directory.  The user sees it as  /user1  .  He can go back
to  /  (which in reality is  /home/ftp/user) but no further.  Perfect!
Just what I wanted.

Too bad this doesn't work for Telnet also.  The user logs in to the
correct directory but can move about as he wishes.  I am not sure how
to implement the change in the users' shell as suggested below but I
am still reading and trying things..

Dave

>----- Original Message -----
> From: "Magnus" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, May 25, 2000 8:46 PM
> Subject: Re: Permissions
>
>
> > You could just change the user's shell. It's not too hard to write
> > a small program that simply says "This login is not valid for
> > telnet service" which then pauses for long enough to read the
> > message and exits sending the user out.
> > That's what I did when I had an FTP-only user...
> >
> > On Thu, 25 May 2000, you wrote:
> > > How do I prevent a new user (added with adduser) from accessing
> > > anything but his /home/newuser directory.  Actually, it would be
> > > best if they could only access their directory and not even go
> > > back to /home. I am attempting this on an anonymous ftp server
> > > running Redhat 5.2.  I created this user and set the home
> > > directory but if I log-in under his name I can get to any
> > > directory on the system.  The other users directory in the /home
> > > dir are set to drxw------ so they are not a problem, but all
> > > other directories are wide open to this new user....at least to
> > > look around.  Seems strange but I guess when this ftp server
> > > (Version wu-2.4.2-academ[Beta 18](1)Mon Aug 3 19:17:20 EDT 1998)
> > > was set up they didn't expect any users to be added... all
> > > access would be anonymous.
> > >
> > > I want to allow some of our new programmers to upload files to
> > > us and pick up files from us via ftp.  They are not to have
> > > telnet or any other service, just ftp in and out.  This server
> > > is not at our location but is co-located so I have to do this
> > > via telnet from a Win 98 machine in the office. Will it screw up
> > > the anonymous ftp service if I start changing permissions on the
> > > other directories?  Is there a better way to set up this user
> > > for ftp only?
> > >
> > > I am new, new, new to Linux so please be gentle..
> > >
> > > Dave Wyatt
> >
> >
>
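
Added example, not part of the original messages: a small audit of the setup discussed in this thread. It reads the guestgroup lines from ftpaccess, splits each guest's home directory at the /./ marker, and flags guests that are missing the marker or still have an interactive shell. The group name ftpguest, the shell path /bin/ftponly, the list of interactive shells and the rule that a guest is anyone whose primary or supplementary group is a guestgroup are assumptions; all file contents are constructed.

```python
# Added example; the ftpaccess, group and passwd contents are constructed.
FTPACCESS = "class all real,guest,anonymous *\nguestgroup ftpguest\n"
GROUP = "ftpguest:x:600:user1,user2\nstaff:x:700:dave\n"
PASSWD = """\
user1:x:601:601::/home/ftp/user/./user1:/bin/ftponly
user2:x:602:602::/home/user2:/bin/ftponly
user3:x:603:600::/home/ftp/user/./user3:/bin/bash
dave:x:500:700::/home/dave:/bin/bash
"""
# Assumed list of shells that give a usable Telnet session.
INTERACTIVE_SHELLS = {"/bin/sh", "/bin/bash", "/bin/csh", "/bin/tcsh"}

def guest_groups(ftpaccess):
    """Group names listed on guestgroup lines of ftpaccess."""
    groups = set()
    for line in ftpaccess.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] == "guestgroup":
            groups.update(fields[1:])
    return groups

def split_home(home):
    """Split a passwd home at /./ into (FTP root, home as the user sees it)."""
    root, marker, rest = home.partition("/./")
    if not marker:
        return None
    return root or "/", "/" + rest.strip("/")

def audit(ftpaccess, group, passwd):
    """Map each guest user to (jail, problems)."""
    wanted = guest_groups(ftpaccess)
    gids, members = set(), set()
    for line in group.splitlines():
        name, _pw, gid, users = line.split(":")
        if name in wanted:
            gids.add(gid)
            members.update(u for u in users.split(",") if u)
    report = {}
    for line in passwd.splitlines():
        user, _pw, _uid, gid, _gecos, home, shell = line.split(":")
        if user not in members and gid not in gids:
            continue  # not a guest account, outside the scope of this check
        problems = []
        jail = split_home(home)
        if jail is None:
            problems.append("no /./ marker in home directory")
        if shell in INTERACTIVE_SHELLS:
            problems.append("interactive shell: not confined outside FTP")
        report[user] = (jail, problems)
    return report
```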
