ftp users

Hello,

i've just started with configuring my new webserver. and now i am struggling with a problem. whenever i make a new user for a domain, the can not only browse thru their own site but they can surf anywhere on my server, from the root up. (using FTP and telnet).

now when i log into my internet provider account, i only get to see my own directory.
i'ts not just that i cant browse higher up levels, but they dont ever appear in my ftp client. ( i mean i dont see /home/users/arun as my initial directory but just / or /arun)
how do they do that? i've got this really big linux/apache manual but i can't find the answer anywhere.

i'd be really grateful for any help

greetings, Arun

------------------
Arun Yadava
email: arun@deep-blue-ocean.nl
url: <A HREF="http://www.deep-blue-ocean.nl
gsm:" TARGET=_blank>www.deep-blue-ocean.nl
gsm:</A> +31625427907

my signature turned out weird, lets see if its better now...sorry

------------------
Arun Yadava
email: arun@deep-blue-ocean.nl
url: www.deep-blue-ocean.nl
gsm: +31625427907

You should get proftpd-1.2.0pre10.tar.gz from http://www.proftpd.net
The configuration file 'proftpd.conf' is Apache's httpd.conf-like.

For your quick references:
# this is the default dir when they log in (home dir)
DefaultChdir ~/
# this is the highest dir (home dir) a user can reach
DefaultRoot ~/

As for telneting, you will have to write a customize shell on your own or disable telnet for your web users.

thanks for your fast reply!
i'll download the pro-ftp and install it then...
right after i've fixed my httpd...it just crashed..argh

one more question, how do i disable telnet access?

greetings, Arun

------------------
Arun Yadava
email: arun@deep-blue-ocean.nl
url: www.deep-blue-ocean.nl
gsm: +31625427907

Let say you place those users to 'www' group and 'www' user. You can then give this a nonexistent shell. I don't run linux so I don't know how you would configure certain group/user without a shell. Please read the manpages for your particular linux distribution regarding to this.

Be sure to read the documentation of proftpd and take a close look at GroupPassword and UserPassword directives.

okay thanks again

i know how to create a user with a non-exsistent shell, so i'll manage
thanks for the advise!

Arun

------------------
Arun Yadava
email: arun@deep-blue-ocean.nl
url: www.deep-blue-ocean.nl
gsm: +31625427907

If you want to disable telnet completely, go to the file /etc/inetd.conf, and comment out the telnet line:

#telnet stream tcp nowait root /usr/libexec/telnetd telnetd

While you're at it you should probably comment out a few other network protocols that you don't need but are usually enabled by default:

sunrpc
auth
login
finger
netbios (especially this)

Unless you have a reason to use any specific protocol in inetd.conf its better to comment it out, as the more connections methods, the more vulnerabilities.

I usually only have ftp, pop3, smtp and sometimes telnet enabled.

Read up on Linux security; it can be a big problem if you're not careful.

thank you very much for the advice

i actually dont want telnet disabled completely, i want to be able to use it myself, and also my alliance partners should be able, but clients shouldnt be.
im thinking of installing a secure crt module or something, i've heard telnet isnt that safe.

i'll take a look if the other protocols are off, if not i'll switch them off.

again thank you for helping me out!
greetings, Arun

------------------
Arun Yadava
email: arun@deep-blue-ocean.nl
url: www.deep-blue-ocean.nl
gsm: +31625427907

To disble telnet access to specific users just change the shell interface in the /etc/passwd file to /bin/false
example:
bob:x:518:518::/home/bob:/bin/bash
haji:x:519:45:haji mart:/home/haji:/bin/false

Here bob can telnet in but haji cannot....
I am also wondering how to prevent ftp users from seeing the rest of my system. (I don't want to install a new ftp deamon.) Please shoot me an email if you have an answer.

Andy

>>how to prevent ftp users from seeing the rest of my system. (I don't want to install a new ftp deamon.)

Since you haven't provided what ftp daemon you are running, I assume it's wu-ftpd. Simply run "man 8 ftpd" and "man 8 chroot".