Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Mike Stoddart on March 02, 2001, 12:38:43 AM

Title: Jailing users to ~ with proftpd in eSmith
Post by: Mike Stoddart on March 02, 2001, 12:38:43 AM

Does anyone know how to configure proftpd in eSmith to jail the user to their
home directories using DefaultRoot? I know to change the file:

/etc/e-smith/templates/etc/proftpd.conf/template-begin

but it already contains a DefaultRoot, so I'm not sure how adding another one would affect the daemon. I know the syntax is:

DefaultRoot ~ users

at least I'm sure that's what is needed.

Also are there any security issues with using this. I know the syntax for DefaultRoot, but I'm not sure exactly where in the proftpd.conf it should be placed.

By default users aren't chained to their home directories, so they can browse up as far as /home/e-smith/files I think. I know this isn't classed as a security risk, but they can browser through other files that they shouldn't see.


Thanks
Mike

Title: Re: Jailing users to ~ with proftpd in eSmith
Post by: Mike Stoddart on March 02, 2001, 05:28:40 AM

Well, noone has replied so I'll reply to myself with another question!

The default for DefaultRoot is

DefaultRoot /home/e-smith/files

Will I cause any problems if I replace this with:

DefaultRoot ~

???? Will this affect anything else, or make my server any less secure?

Thanks

Title: Re: Jailing users to ~ with proftpd in eSmith
Post by: Emory Smith on March 03, 2001, 03:24:49 PM

Create /etc/e-smith/templates/etc/proftpd.conf/01Global

Edit to contain:

DefaultRoot ~ !root



HTH

Title: Re: Jailing users to ~ with proftpd in eSmith
Post by: Charlie Brady on March 03, 2001, 07:48:32 PM

Emory Smith wrote:
>
> Create /etc/e-smith/templates/etc/proftpd.conf/01Global

You mean, of course, /etc/e-smith/templates-custom/etc/proftpd.conf/01Global

Regards

Charlie