Benjamin M Baraga wrote:
> 
> Great, Thankz for the help.  It is mostly working but I'm not sure how to
> "jail" him to /home/http?  What does this mean:
> 
Jailing a user means that whenever that user logs on the ftp
server, with his name and passwd, he would not be able to
come out of his default directory (which is defined in the
/etc/passwd) directory. He would however be able to go in
deeper...

what ftp server software are u using? is it proftpd or
wu.ftpd or what?

> >or any other ftp user) to his/her home directory is by
> >using the global directive DefaultRoot ~ , which essentially
> >jails the user to his directory so he/she cannot venture out
> >of the home dir. sorry i can't help u on the other
> 
> What is a global directive?
> 
that applies to proftpd...so you'll have to tell me first
what your ftp server is?

> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> > Omer Ansari
> > Sent: Thursday, April 08, 1999 11:05 PM
> > To: Benjamin M Baraga
> > Cc: [EMAIL PROTECTED]
> > Subject: Re: User Ftp access
> >
> >
> > Benjamin M Baraga wrote:
> > >
> > > I have a question.
> > >
> > > I have a linux (Redhat 5.1) box that is hosting our web page, via Apache.  I
> > > want to give the webmaster FTP only access to the server. How do I create a
> > > user like this?  I don't want him to be able to login to the server, only be
> > > able to FTP to the /home/http directory.  Any help would be appreciated.
> >
> > by using adduser (or useradd) command u can create a user
> > with specific uid/gid's, (if this user is not already there
> > in the /etc/passwd file). Be sure to specify the home
> > directory of this user as /home/http so that whenever he/she
> > logs on via ftp/telnet/whatever he is taken to his root
> > directory by default...
> >
> > to restrict him to use ftp services only and not the telnet
> > service, u'll have to change the shell of the user in the
> > /etc/passwd file to a dummy shell...in other words... where
> > it states /bin/bash, u have to define a dummy shell like
> > /bin/blah which actually points to a file which doesn't even
> > exist....then you have to append /bin/blah in your
> > /etc/shells file.
> > The reason for all this shebang is that the RFC defining FTP
> > states explicitly that the user ftp'ing needs to have a
> > valid shell on the machine he/she is ftp'ing. By adding our
> > dummy shell (/bin/blah) in /etc/shells we are actually
> > fooling the ftp server into believing that the user
> > (webmaster) indeed has a real shell, so let him ftp into the
> > server.
> >
> > The adduser command in slack is a step by step input/output
> > sequence which gets the user's info interactively from the
> > shell..I remember running into a problem of the 8 characters
> > or less requirement (as webmaster is 9 characters) and thus
> > i defined a user dodo, and went into /etc/passwd and
> > /etc/shadow and changed the dodo to webmaster. RH might not
> > have the 8 character limitation because the useradd/adduser
> > command does not require so...but nevertheless i thought it
> > better to share the information.
> >
> > Ok..on a last note...if you are running proftpd as your ftp
> > server on your webserver, the way to restrict the webmaster
> > (or any other ftp user) to his/her home directory is by
> > using the global directive DefaultRoot ~ , which essentially
> > jails the user to his directory so he/she cannot venture out
> > of the home dir. sorry i can't help u on the other
> > ftpservers front, but maybe the command 'chroot' might be
> > useful there....haven't really ever understood how to use
> > this command, but i have heard that this can be used to jail
> > users too. do let me know if u use it successfully.
> >
> >
> > if you have any other queries, let me know..because i'm
> > running a similar setup as yours...and might save u time
> > (and hair-loss!) if you run into some strange problem :)
> >
> >
> > regards,
> >
> >
> >
> > >
> > >                 Thankz in Advance
> > >
> > > Benjamin Baraga
> > > Systems Engineer
> > > Heron Network Services
> >
> > --
> > Omer Ansari
> > Network Engineer,
> > Supernet PDSL
> > Pakistan.
> >
> > Digital Fingerprint:
> > A641 2DCB D180 4ACD CA00  DC4E 1698 847B E3CA A88F
> >

-- 
Omer Ansari
Network Engineer,
Supernet PDSL
Pakistan.

Digital Fingerprint:
A641 2DCB D180 4ACD CA00  DC4E 1698 847B E3CA A88F
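
Added example, not part of the original messages: a shell check for the setup the thread describes (a dummy login shell that is listed in /etc/shells, plus proftpd's `DefaultRoot ~`). The function name `check_ftp_only` and the sample files are constructed for illustration; file paths are passed as arguments so the check can be pointed at copies.

```shell
#!/bin/sh
# check_ftp_only USER PASSWD_FILE SHELLS_FILE PROFTPD_CONF
# Prints one finding per line; returns 0 only if every check passes.
check_ftp_only() {
    user=$1 passwd=$2 shells=$3 conf=$4 rc=0
    entry=$(awk -F: -v u="$user" '$1 == u' "$passwd")
    [ -n "$entry" ] || { echo "FAIL: no such user $user"; return 1; }
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)
    echo "INFO: home=$home shell=$shell"
    # The dummy shell must not exist as a program; if someone later
    # creates it, interactive (telnet) logins start working again.
    if [ -x "$shell" ]; then
        echo "FAIL: $shell is executable, interactive login possible"; rc=1
    fi
    # Per the thread, the dummy shell has to be listed in /etc/shells
    # or the FTP server will not accept the user.
    if ! grep -qxF -e "$shell" "$shells"; then
        echo "FAIL: $shell not listed in $shells, FTP login refused"; rc=1
    fi
    # proftpd: DefaultRoot ~ keeps the session inside the home directory.
    if ! grep -Eq '^[[:space:]]*DefaultRoot[[:space:]]+~([[:space:]]|$)' "$conf"; then
        echo "FAIL: no 'DefaultRoot ~' in $conf, user can leave $home"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $user is FTP-only and jailed"
    return "$rc"
}

# Constructed sample files (assumed contents, not from the thread).
demo=$(mktemp -d)
printf 'root:x:0:0:root:/root:/bin/sh\n' > "$demo/passwd"
printf 'webmaster:x:501:501::/home/http:/bin/blah\n' >> "$demo/passwd"
printf '/bin/sh\n/bin/blah\n' > "$demo/shells"
printf 'ServerName "web"\nDefaultRoot ~\n' > "$demo/proftpd.conf"
check_ftp_only webmaster "$demo/passwd" "$demo/shells" "$demo/proftpd.conf"
```

On a live box the arguments would be /etc/passwd, /etc/shells and the proftpd configuration file.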
