Topic: FTP

[Eddy Van Hoeserlande]

Hi again,

is it possible to ftp to an i-bay?? My collegue is working at home and he wants to tranfer some data??

Eddy,
--
BSYS bvba

Blankenbergsesteenweg 5
8420 De Haan
Belgium
www.bsys.be
Tel 050/42.47.45
Fax 050/42.67.09
GPS: N 51°18'36" E 3°6'30"

[Eddy Van Hoeserlande]

FTP works fine, but he has access to all the I-BAYS! I only want to grant him access to certain I-bays! Or maybe there is a bug in my version om E-smith, I will do an update to the latest version and I will come back to this issue after that upgrade!

Eddy,

Eddy Van Hoeserlande wrote:

> Hi again,
>
> is it possible to ftp to an i-bay?? My collegue is working at
> home and he wants to tranfer some data??
>
> Eddy, -- BSYS bvba
>
> Blankenbergsesteenweg 5 8420 De Haan Belgium www.bsys.be Tel
> 050/42.47.45 Fax 050/42.67.09 GPS: N 51°18'36" E
> 3°6'30"
>

[Joseph Morrison]

> FTP works fine, but he has access to all the I-BAYS! I only
> want to grant him access to certain I-bays! Or maybe there is a
> bug in my version om E-smith, I will do an update to the latest
> version and I will come back to this issue after that upgrade!

There were some ftp-related problems in some of the beta releases - please try the latest version. To write to an i-bay you will have to enable "public FTP write access", which will allow your e-smith users to write to the i-bay if the group setting allows them access.

Best regards,
- Joe

[Mike Stoddart]

What is the best solution of limiting a user to only their home directory when they ftp into the box from outside the network? I dont want the user navigating around the server; I want to restrict them to their login and nothing else.

Thanks

[Joseph Morrison]

Hello Mike,

> What is the best solution of limiting a user to only their home
> directory when they ftp into the box from outside the network?
> I dont want the user navigating around the server; I want to
> restrict them to their login and nothing else.

They should only be able to write to their home directory and to any i-bays that they've explicitly been given access to write. Everything else should be read-only.

You can experiment with the DefaultRoot directive in the /etc/e-smith/templates/etc/proftpd.conf template.  See

http://www.proftpd.net/docs/configuration.html#DefaultRoot

for documentation.
- Joe Morrison, CEO

[Mike Stoddart]

Thanks - I'll read that when I get chance. I do think that the E-Smith server should prevent users who ftp in from browsing around the server. It makes it more secure; for example I store the data files (i.e. emails) from the webmail interface Mailman in an ibay "files" directory and I wouldn't want someone to ftp in and read them.

[Eddy Van Hoeserlande]

Mike Stoddart wrote:

> Thanks - I'll read that when I get chance. I do think that the
> E-Smith server should prevent users who ftp in from browsing
> around the server. It makes it more secure; for example I store
> the data files (i.e. emails) from the webmail interface Mailman
> in an ibay "files" directory and I wouldn't want
> someone to ftp in and read them.

Yeah, I have the same comment to add here.

[Charlie Brady]

Mike Stoddart wrote:

> What is the best solution of limiting a user to only their home
> directory when they ftp into the box from outside the network?
> I dont want the user navigating around the server; I want to
> restrict them to their login and nothing else.

If that is what you want, then what you have to do is only set up i-bays which they don't have read or write access to (by judicious use of groups and i-bay settings).  Conversely, if they have read and/or write access to ibays from their desktop machines using file sharing protocols, what security purpose does it serve to deny them read or write access via ftp?

Charlie