Hello, I have setup a centos server running 5.5 and I have a problem with the FTP settings. Currently I have two FTP accounts based on that server, they lead to: /home/bella /home/carmen Currently the FPT accounts starts in the home directory when they are logged in. But they are able to see all directories on the server. What can I do to make sure they cant come out of there home directory? -- Regards, Huib "Abigor" Laurens Support Free Knowledge: http://wikimediafoundation.org/wiki/Donate -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20110314/ad54e08b/attachment-0001.html>
If you are using proftpd, you have to add this line to the config file: DefaultRoot ~ More info at: http://www.proftpd.org/docs/directives/linked/config_ref_DefaultRoot.html Regards. On 14-03-2011 14:27, Huib Laurens wrote:> Hello, > > I have setup a centos server running 5.5 and I have a problem with the > FTP settings. > > Currently I have two FTP accounts based on that server, they lead to: > > /home/bella > /home/carmen > > Currently the FPT accounts starts in the home directory when they are > logged in. But they are able to see all directories on the server. > What can I do to make sure they cant come out of there home directory? > > -- > Regards, > Huib "Abigor" Laurens > > > > Support Free Knowledge: http://wikimediafoundation.org/wiki/Donate > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos-------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.centos.org/pipermail/centos/attachments/20110314/805d9b83/attachment-0001.html>
On Mon, Mar 14, 2011 at 1:27 PM, Huib Laurens <sterkebak at gmail.com> wrote:> Hello, > > I have setup a centos server running 5.5 and I have a problem with the FTP > settings. > > Currently I have two FTP accounts based on that server, they lead to: > > /home/bella > /home/carmen > > Currently the FPT accounts starts in the home directory when they are logged > in. But they are able to see all directories on the server. What can I do to > make sure they cant come out of there home directory? > > -- > Regards, > Huib "Abigor" Laurens > > > > Support Free Knowledge: http://wikimediafoundation.org/wiki/Donate > > > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > >It depends on the FTP server software you use. If you are using VSFTP, then you want to add or uncomment the following line in /etc/vsftpd/vsftpd.conf chroot_local_user=YES Save the changes. Restart VSFTPD. This will jail the user to their home directory. Taken from: http://centoshacker.com/kabir/remove-access/creating-a-chroot-jail-enabled-ftp-service.html If you use ProFTPD (which is what I use), then follow this guide: http://www.proftpd.org/docs/howto/Chroot.html Josh
On Mon, Mar 14, 2011 at 1:27 PM, Huib Laurens <sterkebak at gmail.com> wrote:> Hello, > > I have setup a centos server running 5.5 and I have a problem with the FTP > settings. > > Currently I have two FTP accounts based on that server, they lead to: > > /home/bella > /home/carmen > > Currently the FPT accounts starts in the home directory when they are logged > in. But they are able to see all directories on the server. What can I do to > make sure they cant come out of there home directory? > > -- > Regards, > Huib "Abigor" LaurensFirst things first. *DO NOT* use FTP. It's a blatantly insecure protocl and passes passwords, and data, in the clear. Second, if you *MUST* use FTP, do not use it with normal usernames and passwords. Third, if you *MUST* use FTP, use FTPS which SSL tunnels the connections. Fourth, read the manual page on the "vsftpd" server. In particulare, review this: chroot_list_enable If activated, you may provide a list of local users who are placed in a chroot() jail in their home directory upon login. The meaning is slightly different if chroot_local_user is set to YES. In this case, the list becomes a list of users which are NOT to be placed in a chroot() jail. By default, the file containing this list is /etc/vsftpd.chroot_list, but you may override this with the chroot_list_file setting. Default: NO