Thread: ftp users

    #1
    Hello,

    I've just started with configuring my new webserver, and now I am struggling with a problem. Whenever I make a new user for a domain, they can not only browse thru their own site but they can surf anywhere on my server, from the root up (using FTP and telnet).

    Now when I log into my internet provider account, I only get to see my own directory.
    It's not just that I can't browse higher up levels, but they don't ever appear in my FTP client (I mean I don't see /home/users/arun as my initial directory but just / or /arun).
    How do they do that? I've got this really big Linux/Apache manual but I can't find the answer anywhere.

    I'd be really grateful for any help.

    greetings, Arun

    ------------------
    Arun Yadava
    email: arun@deep-blue-ocean.nl
    url: www.deep-blue-ocean.nl
    gsm: +31625427907
  2. #2
    My signature turned out weird, let's see if it's better now... sorry

    ------------------
    Arun Yadava
    email: arun@deep-blue-ocean.nl
    url: www.deep-blue-ocean.nl
    gsm: +31625427907
  4. #3
    freebsd
    You should get proftpd-1.2.0pre10.tar.gz from http://www.proftpd.net
    The configuration file 'proftpd.conf' is similar to Apache's httpd.conf.

    For your quick reference:
    # this is the default dir when they log in (home dir)
    DefaultChdir ~/
    # this is the highest dir (home dir) a user can reach
    DefaultRoot ~/

    As for telnetting, you will have to write a customized shell on your own or disable telnet for your web users.
  6. #4
    Thanks for your fast reply!
    I'll download the pro-ftp and install it then...
    right after I've fixed my httpd... it just crashed... argh

    One more question: how do I disable telnet access?

    greetings, Arun

  8. #5
    freebsd
    Let's say you place those users in the 'www' group and 'www' user. You can then give this a nonexistent shell. I don't run Linux so I don't know how you would configure a certain group/user without a shell. Please read the manpages for your particular Linux distribution regarding this.

    Be sure to read the documentation of proftpd and take a close look at GroupPassword and UserPassword directives.
  10. #6
    Okay, thanks again.

    I know how to create a user with a non-existent shell, so I'll manage.
    Thanks for the advice!

    Arun

  12. #7
    Gödelian monster
    If you want to disable telnet completely, go to the file /etc/inetd.conf, and comment out the telnet line:

    #telnet stream tcp nowait root /usr/libexec/telnetd telnetd

    While you're at it you should probably comment out a few other network protocols that you don't need but are usually enabled by default:

    sunrpc
    auth
    login
    finger
    netbios (especially this)

    Unless you have a reason to use any specific protocol in inetd.conf, it's better to comment it out, as the more connection methods, the more vulnerabilities.

    I usually only have ftp, pop3, smtp and sometimes telnet enabled.

    Read up on Linux security; it can be a big problem if you're not careful.
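
Added example (not part of the original posts): a shell check for the inetd.conf advice above, listing the entries that are still active and flagging any that are not on an allowlist. The sample file contents and the allowlist `ftp pop3 smtp` are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit inetd.conf for services that are enabled but not wanted.

# Print the service name (first field) of every active entry in file $1.
# Commented-out lines and blank/short lines are skipped.
inetd_enabled() {
    awk '!/^[ \t]*#/ && NF >= 6 { print $1 }' "$1" | sort -u
}

# Print enabled services in file $1 that are missing from the
# space-separated allowlist $2.
inetd_unexpected() {
    inetd_enabled "$1" | while read -r svc; do
        case " $2 " in
            *" $svc "*) ;;          # allowed, say nothing
            *) echo "$svc" ;;       # enabled but not on the allowlist
        esac
    done
}

# Write a constructed sample inetd.conf (not from a real host) to $1.
make_sample() {
    cat > "$1" <<'EOF'
# constructed sample
ftp     stream tcp nowait root   /usr/libexec/ftpd          ftpd -l
#telnet stream tcp nowait root   /usr/libexec/telnetd       telnetd
pop3    stream tcp nowait root   /usr/local/libexec/popper  popper
finger  stream tcp nowait nobody /usr/libexec/fingerd       fingerd -s
login   stream tcp nowait root   /usr/libexec/rlogind       rlogind
EOF
}

sample=$(mktemp)
make_sample "$sample"
echo "enabled:    $(inetd_enabled "$sample" | tr '\n' ' ')"
echo "unexpected: $(inetd_unexpected "$sample" "ftp pop3 smtp" | tr '\n' ' ')"
rm -f "$sample"
```

inetd reads its configuration at startup and on SIGHUP, so an edit to /etc/inetd.conf takes effect only after the daemon is signalled or restarted.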
  14. #8
    Thank you very much for the advice.

    I actually don't want telnet disabled completely. I want to be able to use it myself, and my alliance partners should be able to as well, but clients shouldn't be.
    I'm thinking of installing a secure crt module or something; I've heard telnet isn't that safe.

    I'll take a look if the other protocols are off; if not I'll switch them off.

    Again, thank you for helping me out!
    greetings, Arun

  16. #9
    To disable telnet access for specific users, just change the shell in the /etc/passwd file to /bin/false.
    Example:
    bob:x:518:518::/home/bob:/bin/bash
    haji:x:519:45:haji mart:/home/haji:/bin/false

    Here bob can telnet in but haji cannot....
    I am also wondering how to prevent ftp users from seeing the rest of my system. (I don't want to install a new ftp daemon.) Please shoot me an email if you have an answer.

    Andy
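
Added example (not part of the original posts): a shell audit of the /etc/passwd approach above, reporting for each account whether its shell permits an interactive login and whether that shell is listed in /etc/shells. The second column matters because FTP daemons that validate shells (wu-ftpd, and ProFTPD with RequireValidShell on) refuse accounts whose shell is not listed there; the passwd rows are the ones from the post, the shells file is constructed.

```shell
#!/bin/sh
# Added example: which accounts can log in interactively, and which have a
# shell that an /etc/shells check would accept?
# usage: audit_shells PASSWD_FILE SHELLS_FILE
audit_shells() {
    awk -F: '
        FILENAME == ARGV[1] {               # first file read: list of valid shells
            if ($0 != "" && $0 !~ /^#/) listed[$0] = 1
            next
        }
        /^#/ || NF < 7 { next }             # skip comments and malformed rows
        {
            shell = ($7 == "") ? "/bin/sh" : $7   # empty shell field means /bin/sh
            base = shell
            sub(/.*\//, "", base)           # keep only the program name
            # Heuristic: false/nologin exit at once, anything else is a login shell.
            login = (base == "false" || base == "nologin") ? "no" : "yes"
            ok = (shell in listed) ? "yes" : "no"
            printf "%s %s login=%s listed=%s\n", $1, shell, login, ok
        }' "$2" "$1"
}

# Write sample files into directory $1: passwd rows from the thread,
# plus a constructed shells file.
make_samples() {
    printf '%s\n' 'bob:x:518:518::/home/bob:/bin/bash' \
        'haji:x:519:45:haji mart:/home/haji:/bin/false' > "$1/passwd"
    printf '%s\n' '# constructed shells file' /bin/sh /bin/bash > "$1/shells"
}

d=$(mktemp -d)
make_samples "$d"
audit_shells "$d/passwd" "$d/shells"
rm -rf "$d"
```

Against a live system, call `audit_shells /etc/passwd /etc/shells`; an account showing `login=no listed=no` is blocked from telnet and also from any FTP daemon that checks /etc/shells.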
  18. #10
    freebsd
    >>how to prevent ftp users from seeing the rest of my system. (I don't want to install a new ftp daemon.)

    Since you haven't provided what ftp daemon you are running, I assume it's wu-ftpd. Simply run "man 8 ftpd" and "man 8 chroot".