I've just started with configuring my new webserver, and now I am struggling with a problem. Whenever I make a new user for a domain, they can not only browse through their own site but they can surf anywhere on my server, from the root up (using FTP and telnet).
Now when I log into my internet provider account, I only get to see my own directory.
It's not just that I can't browse higher-up levels, but they don't ever appear in my FTP client. (I mean I don't see /home/users/arun as my initial directory but just / or /arun.)
How do they do that? I've got this really big Linux/Apache manual but I can't find the answer anywhere.
I'd be really grateful for any help.
url: http://www.deep-blue-ocean.nl
You should get proftpd-1.2.0pre10.tar.gz from http://www.proftpd.net
The configuration file 'proftpd.conf' is similar to Apache's httpd.conf.
For your quick reference:
# this is the default dir when they log in (home dir)
# this is the highest dir (home dir) a user can reach
As for telnetting, you will have to write a customized shell on your own or disable telnet for your web users.
Thanks for your fast reply!
I'll download ProFTPD and install it then...
right after I've fixed my httpd... it just crashed... argh.
One more question: how do I disable telnet access?
Let's say you place those users in the 'www' group and 'www' user. You can then give this a nonexistent shell. I don't run Linux so I don't know how you would configure a certain group/user without a shell. Please read the manpages for your particular Linux distribution regarding this.
Be sure to read the documentation of proftpd and take a close look at GroupPassword and UserPassword directives.
If you want to disable telnet completely, go to the file /etc/inetd.conf, and comment out the telnet line:
#telnet stream tcp nowait root /usr/libexec/telnetd telnetd
While you're at it you should probably comment out a few other network protocols that you don't need but are usually enabled by default:
netbios (especially this)
Unless you have a reason to use any specific protocol in inetd.conf, it's better to comment it out, as the more connection methods, the more vulnerabilities.
I usually only have ftp, pop3, smtp and sometimes telnet enabled.
Read up on Linux security; it can be a big problem if you're not careful.
Thank you very much for the advice.
I actually don't want telnet disabled completely; I want to be able to use it myself, and my alliance partners should also be able to, but clients shouldn't be.
I'm thinking of installing a secure crt module or something; I've heard telnet isn't that safe.
I'll take a look to see if the other protocols are off; if not, I'll switch them off.
Again, thank you for helping me out!
September 28th, 2000, 02:08 PM
To disable telnet access for specific users, just change the shell in the /etc/passwd file to /bin/false.
Here bob can telnet in but haji cannot....
I am also wondering how to prevent FTP users from seeing the rest of my system. (I don't want to install a new FTP daemon.) Please shoot me an email if you have an answer.
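Added example, not part of the original posts: a small audit of passwd-format text that reports which accounts in a client group still get an interactive shell after the /bin/false change described above, and which would fail an FTP daemon's valid-shell check. The account lines, the client GID 600 and the shells list are constructed sample data; the FTP check assumes a daemon that compares the shell against /etc/shells, as wu-ftpd does and ProFTPD does by default (RequireValidShell).

```python
# Added example: audit passwd-format text for accounts that can get a shell.
# All account lines, the GID and the shells list are constructed sample data.

NON_LOGIN = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
bob:x:501:100:partner:/home/bob:/bin/bash
haji:x:502:600:web client:/home/haji:/bin/false
arun:x:503:600:web client:/home/users/arun:
# comment line
broken line
"""

SAMPLE_SHELLS = """\
# constructed /etc/shells content
/bin/sh
/bin/bash
"""

def parse_shells(text):
    """Return the set of shells listed in /etc/shells-format text."""
    lines = (l.strip() for l in text.splitlines())
    return {l for l in lines if l and not l.startswith("#")}

def audit(passwd_text, shells_text):
    """Map each account to its shell, login ability and FTP shell validity."""
    valid = parse_shells(shells_text)
    report = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 7:
            continue  # skip comments and malformed entries
        name, gid = fields[0], fields[3]
        shell = fields[6].strip() or "/bin/sh"  # empty field means /bin/sh
        report[name] = {"gid": gid, "shell": shell,
                        "interactive": shell not in NON_LOGIN,
                        "ftp_shell_ok": shell in valid}
    return report

def clients_with_shell(report, client_gid):
    """Client accounts that can still log in over telnet."""
    return sorted(n for n, r in report.items()
                  if r["gid"] == client_gid and r["interactive"])

def clients_failing_ftp_shell_check(report, client_gid):
    """Client accounts an /etc/shells-checking FTP daemon would refuse."""
    return sorted(n for n, r in report.items()
                  if r["gid"] == client_gid and not r["ftp_shell_ok"])

if __name__ == "__main__":
    rep = audit(SAMPLE_PASSWD, SAMPLE_SHELLS)
    print("shell access:", clients_with_shell(rep, "600"))
    print("FTP refused:", clients_failing_ftp_shell_check(rep, "600"))
```

On the sample data the empty shell field on arun is the account that still allows a login, and haji is blocked from telnet but would also be refused by an FTP daemon that requires a shell listed in /etc/shells.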
September 28th, 2000, 04:18 PM
>>how to prevent FTP users from seeing the rest of my system. (I don't want to install a new FTP daemon.)
Since you haven't provided what ftp daemon you are running, I assume it's wu-ftpd. Simply run "man 8 ftpd" and "man 8 chroot".