Koozali.org: home of the SME Server
Legacy Forums => General Discussion (Legacy) => Topic started by: Eddy Van Hoeserlande on July 27, 2000, 02:16:41 AM
-
Hi again,
is it possible to ftp to an i-bay?? My collegue is working at home and he wants to tranfer some data??
Eddy,
--
BSYS bvba
Blankenbergsesteenweg 5
8420 De Haan
Belgium
www.bsys.be
Tel 050/42.47.45
Fax 050/42.67.09
GPS: N 51°18'36" E 3°6'30"
-
FTP works fine, but he has access to all the I-BAYS! I only want to grant him access to certain I-bays! Or maybe there is a bug in my version om E-smith, I will do an update to the latest version and I will come back to this issue after that upgrade!
Eddy,
Eddy Van Hoeserlande wrote:
> Hi again,
>
> is it possible to ftp to an i-bay?? My collegue is working at
> home and he wants to tranfer some data??
>
> Eddy, -- BSYS bvba
>
> Blankenbergsesteenweg 5 8420 De Haan Belgium www.bsys.be Tel
> 050/42.47.45 Fax 050/42.67.09 GPS: N 51°18'36" E
> 3°6'30"
>
-
> FTP works fine, but he has access to all the I-BAYS! I only
> want to grant him access to certain I-bays! Or maybe there is a
> bug in my version om E-smith, I will do an update to the latest
> version and I will come back to this issue after that upgrade!
There were some ftp-related problems in some of the beta releases - please try the latest version. To write to an i-bay you will have to enable "public FTP write access", which will allow your e-smith users to write to the i-bay if the group setting allows them access.
Best regards,
- Joe
-
What is the best solution of limiting a user to only their home directory when they ftp into the box from outside the network? I dont want the user navigating around the server; I want to restrict them to their login and nothing else.
Thanks
-
Hello Mike,
> What is the best solution of limiting a user to only their home
> directory when they ftp into the box from outside the network?
> I dont want the user navigating around the server; I want to
> restrict them to their login and nothing else.
They should only be able to write to their home directory and to any i-bays that they've explicitly been given access to write. Everything else should be read-only.
You can experiment with the DefaultRoot directive in the /etc/e-smith/templates/etc/proftpd.conf template. See
http://www.proftpd.net/docs/configuration.html#DefaultRoot
for documentation.
- Joe Morrison, CEO
-
Thanks - I'll read that when I get chance. I do think that the E-Smith server should prevent users who ftp in from browsing around the server. It makes it more secure; for example I store the data files (i.e. emails) from the webmail interface Mailman in an ibay "files" directory and I wouldn't want someone to ftp in and read them.
-
Mike Stoddart wrote:
> Thanks - I'll read that when I get chance. I do think that the
> E-Smith server should prevent users who ftp in from browsing
> around the server. It makes it more secure; for example I store
> the data files (i.e. emails) from the webmail interface Mailman
> in an ibay "files" directory and I wouldn't want
> someone to ftp in and read them.
Yeah, I have the same comment to add here.
-
Mike Stoddart wrote:
> What is the best solution of limiting a user to only their home
> directory when they ftp into the box from outside the network?
> I dont want the user navigating around the server; I want to
> restrict them to their login and nothing else.
If that is what you want, then what you have to do is only set up i-bays which they don't have read or write access to (by judicious use of groups and i-bay settings). Conversely, if they have read and/or write access to ibays from their desktop machines using file sharing protocols, what security purpose does it serve to deny them read or write access via ftp?
Charlie