Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: Jim Hale on September 22, 2002, 07:05:22 AM
-
When my users FTP into the SME box (to leave web pages, files or whatever) using a client like Cute!FTP, they land fine in their home folder but then they can move up the folder tree all the way to /home/e-smith/files/, which grants them access to EVERYTHING like the other users, ibays, samba and the primary website.
Is there a way to block them from going UP but they can create and go DOWN into their home folder as far as they need to?
I want to drop them in their [username] folder and that's it. Then they can do whatever.
I'd hate to wake up one morning only to find out that someone has gone in and wiped everything out. :/
Thanks!
-
Permissions don't allow a user to traverse to another user's directory. They can simply list the directories but should have no rights over them. This extends to the IBAYS and Primary directories, assuming you configured the IBAYS with "Read-Group/Write-Group".
Nathan
-
You can use this rpm by Damien Curtain to chroot the user to their home directory
http://www.pagefault.org/e-smith/contrib/index.html#proftpd
Jon
-
Thanks for the info :)
I got a hold of the Chroot RPM for SME (5.5) but I can't seem to make it work right. :/
It installed fine but when I try to lock a person into a directory, it doesn't seem to change what it needs to.
I tried:
/sbin/e-smith/db accounts setprop jim Chroot yes \ChrootDir /home/e-smith/files/users/jim/home
And
/sbin/e-smith/db accounts setprop jim Chroot yes \ChrootDir home
And then ran
/sbin/e-smith/signal-event remoteaccess-update
But when I FTP over to the box, it still lets me navigate up the folder tree to /home/e-smith/files.
Am I typing a parameter wrong? Please let me know.
-
Jim Hale wrote:
>
> Thanks for the info :)
>
> I got a hold of the Chroot RPM for SME (5.5) but I can't seem
> to make it work right. :/
>
> It installed fine but when I try to lock a person into a
> directory, it doesn't seem to change what it needs to.
>
> I tried:
>
> /sbin/e-smith/db accounts setprop jim Chroot yes \ChrootDir
> /home/e-smith/files/users/jim/home
>
> And
>
> /sbin/e-smith/db accounts setprop jim Chroot yes \ChrootDir
> home
>
> And then ran
>
> /sbin/e-smith/signal-event remoteaccess-update
>
> But when I FTP over to the box, it still lets me navigate up
> the folder tree to /home/e-smith/files.
>
> Am I typing a parameter wrong? Please let me know.
Yes.
The backslash in the example is due to the example covering 2 lines, and the path must be the exact directory.
Single line you want:
/sbin/e-smith/db accounts setprop jim Chroot yes ChrootDir /home/e-smith/files/users/jim/home
then
/sbin/e-smith/signal-event remoteaccess-update
--
Damien
-
Rats - it still didn't work :/
Double-checked the spelling and format and everything looked good, but they can still navigate out of their home and up the tree. :/
-
Jim Hale wrote:
>
> Rats - it still didn't work :/
>
> Double-checked the spelling and format and everything looked
> good, but they can still navigate out of their home and up
> the tree. :/
Then you've obviously done something wrong. I suggest you go through what you've done and ensure the database entry is what you expect it to be. I can't make the above any easier unfortunately.
--
Damien
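-
The manual test used throughout this thread (log in over FTP, then try to walk up to /home/e-smith/files) can be scripted so it is repeatable after each configuration change. This is an added example, not part of the original posts or of the contrib RPM; `check_ftp_jail` and `FakeSession` are hypothetical names, and `FakeSession` is a constructed stand-in for a server so the check runs offline. It assumes a chrooted session sees its jail as "/".

```python
import ftplib
import posixpath

SENSITIVE = "/home/e-smith/files"            # tree the thread wants hidden
HOME = "/home/e-smith/files/users/jim/home"  # ChrootDir value from the thread


def check_ftp_jail(ftp, sensitive=SENSITIVE):
    """Probe a logged-in ftplib.FTP-style session; report how far up it can go."""
    start = here = ftp.pwd()
    climbed = 0
    for _ in range(32):                      # bounded walk towards the visible root
        try:
            ftp.cwd("..")
        except ftplib.error_perm:
            break
        above = ftp.pwd()
        if above == here:                    # "/" is its own parent: top reached
            break
        here, climbed = above, climbed + 1
    try:
        ftp.cwd(sensitive)                   # absolute path as seen by the client
        exposed = True
    except ftplib.error_perm:
        exposed = False
    return {"start": start, "top": here, "climbed": climbed, "jailed": not exposed}


class FakeSession:
    """Constructed stand-in for ftplib.FTP: one directory tree, optional chroot."""
    def __init__(self, root="/"):
        self.root, self.real = root, HOME
        self.dirs = {HOME[:i] or "/" for i, c in enumerate(HOME + "/") if c == "/"}

    def pwd(self):
        return posixpath.normpath("/" + posixpath.relpath(self.real, self.root))

    def cwd(self, path):
        seen = posixpath.normpath(posixpath.join(self.pwd(), path))
        real = posixpath.normpath(posixpath.join(self.root, seen.lstrip("/")))
        if real not in self.dirs:
            raise ftplib.error_perm("550 No such directory")
        self.real = real


if __name__ == "__main__":
    print("no chroot:", check_ftp_jail(FakeSession()))
    print("chrooted :", check_ftp_jail(FakeSession(root=HOME)))
```

Against a real server, pass an `ftplib.FTP` object after `login()` with the account being checked; a result with `jailed` set to `False` means the session can still reach the shared tree.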