Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: Aaron on December 19, 2001, 10:18:43 PM

Title: lock FTP users into their own folder
Post by: Aaron on December 19, 2001, 10:18:43 PM

hi,

i host a few domains on my server.
a friend has asked me to host a domain for him.
he will use ftp to upload/manage his web site.
how can i make it so that when he ftp in he won't be able to read my php scripts in my primary folder (and other ibays too)?

thanks for any help.

Title: Re: lock FTP users into their own folder
Post by: Damien Curtain on December 29, 2001, 03:41:04 AM

Heres a templates way to achieve this, you really only need to add a line in the proftpd config file, but this way you could add an option to account/ibay creation etc if you wanted to go that far

ignoring below add the line
DefaultRoot    user
for each user/ibay to lock

Or drop the following fragment into  /etc/e-smith/templates-custom/etc/proftpd.conf

eg.
sudo mkdir /etc/e-smith/templates-custom/etc/proftpd.conf
cat < /etc/e-smith/templates-custom/etc/proftpd.conf/05Chroot
{
    my %accounts;
    tie %accounts, 'esmith::config', '/home/e-smith/accounts';

    my $key;
    my $value;

    $OUT .= "# Chrooted users and ibays\n";

    while (($key,$value) = each %accounts)
    {
        my ($type, %properties) = split (/\|/, $value, -1);
        if ($type eq 'user' or $type eq 'ibay')
        {
            if (defined($properties{'chroot'}) and
                   $properties{'chroot'} eq 'yes')
            {
                $OUT .= "DefaultRoot\t";
                $OUT .= "/home/e-smith/files/" . "$type" . "s/$key";
                $OUT .= "\t$key\n";
            }
        }
    }
}
EOF

Then you can specify who to lock by
sudo /sbin/e-smith/db accounts setprop username/ibay chroot yes/no

then expand the template
sudo /sbin/e-smith/expand-template /etc/proftpd.conf

for eg.
--
 Damien

Title: Re: lock FTP users into their own folder
Post by: Darrin Domoney on April 10, 2002, 04:54:03 AM

Damien,
      I tried your recipe for creating chroot users as I really would like to be able to do this with my ftp users. However when I use setprop and then expand the template it doesn't seem to have any effect (I checked my proftpd.con file).
      What might I be missing - anyone else have a recipe for doing chroot'd ftp users? I like SME 5.1.2 but I am finding that this template system takles some getting used to..... not helped by the fact that they don't have good documentation on how the template system works.

Thanks,
Darrin

PS - Maybe this is a How-To subject ????