FTP Problem

Hello,

We have a machine acting as an FTP server. The problem is that when I
connect to the server, I see the entire path, and I have list access to
everywhere on the server. How do I force FTP to stay in its user’s home
directory?

My “/etc/ftpusers” is a list of users that have no access, including
root. The user I created for FTPing is called “ftpuser” with a password.
Why, when I connect as “ftpuser”, would I have access to the entire
filesystem? On my other machines, the user only has access to his own
home directory.

Any help is appreciated!

Sincerely,
Adrian Mellognio

No comments on this one?

What am I missing here? What do I have to do to make the ftp user’s
directory access relative to the home directory (the user’s root is
“/home/ftpuser/”)?

Sincerely,
Adrian Mellognio





Adrian Mellognio <amellognio@crisys.com> wrote:

> No comments on this one?
>
> What am I missing here? What do I have to do to make the ftp user’s
> directory access relative to the home directory (the user’s root is
> “/home/ftpuser/”)?

This requires some sort of “chroot” operation, and I don’t think
our ftpd supports that. In fact, because of the way pathnames
work, with the high-level prefix space, it is nigh impossible to
keep someone in a directory, since they can usually do an
absolute path with //0/ or //1/ or whatever the node is to get
out of that space.

So, I don’t know of a way to do this.

(Well, I know that for the old quics system we did something of
this sort, but it required a massively huge configuration setup,
and all sorts of ugliness, quite probably including custom versions
of various utilities.)

-David

QNX Training Services
http://www.qnx.com/support/training/
Please followup in this newsgroup if you have further questions.
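
What an ftpd without chroot() would have to do to every client-supplied path, as an added example (not QNX's ftpd code, and not from any poster in this thread): treat the path as relative to the user's home, clamp `..` at that root, and refuse the `//node/` form described above. The function name `confine_path` and the sample requests are assumptions; the check is lexical only, so a symlink inside the home directory can still point outside it.

```c
#include <stdio.h>
#include <string.h>

/* Map a client-supplied FTP path into the jail at `root` (lexical only, no
 * symlink resolution). Returns 0 and fills `out`, or -1 if refused/too long. */
int confine_path(const char *root, const char *client, char *out, size_t outlen)
{
    char rel[1024] = "", buf[1024];   /* rel: normalized path below the root */
    size_t len = 0;
    /* "//node/..." is an absolute path via a node's root: refuse it. */
    if ((client[0] == '/' && client[1] == '/') || strlen(client) >= sizeof buf)
        return -1;
    strcpy(buf, client);
    /* A leading '/' means the jail root here, not the real root. */
    for (char *tok = strtok(buf, "/"); tok; tok = strtok(NULL, "/")) {
        if (strcmp(tok, ".") == 0)
            continue;
        if (strcmp(tok, "..") == 0) {      /* go up, clamped at the jail root */
            while (len > 0 && rel[--len] != '/')
                ;
            rel[len] = '\0';
            continue;
        }
        if (len + 1 + strlen(tok) >= sizeof rel)
            return -1;
        rel[len++] = '/';
        strcpy(rel + len, tok);
        len += strlen(tok);
    }
    if ((size_t)snprintf(out, outlen, "%s%s", root, len ? rel : "/") >= outlen)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed requests, including the escape forms from the thread. */
    const char *req[] = { "pub/readme.txt", "../../etc/passwd", "//1/etc/passwd" };
    char out[256];
    for (size_t i = 0; i < sizeof req / sizeof req[0]; i++) {
        if (confine_path("/home/ftpuser", req[i], out, sizeof out) == 0)
            printf("%-18s -> %s\n", req[i], out);
        else
            printf("%-18s -> refused\n", req[i]);
    }
    return 0;
}
```
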

David Gibbs <dagibbs@qnx.com> wrote:

> Adrian Mellognio <amellognio@crisys.com> wrote:
> > No comments on this one?
> >
> > What am I missing here? What do I have to do to make the ftp user’s
> > directory access relative to the home directory (the user’s root is
> > “/home/ftpuser/”)?
>
> This requires some sort of “chroot” operation, and I don’t think
> our ftpd supports that. In fact, because of the way pathnames
> work, with the high-level prefix space, it is nigh impossible to
> keep someone in a directory, since they can usually do an
> absolute path with //0/ or //1/ or whatever the node is to get
> out of that space.
>
> So, I don’t know of a way to do this.
>
> (Well, I know that for the old quics system we did something of
> this sort, but it required a massively huge configuration setup,
> and all sorts of ugliness, quite probably including custom versions
> of various utilities.)

I recall doing this with a “*” in the password file instead of
a “x” – another trick had to do with creating a /bin directory
off of the home directory (i.e., if the user was /home/ftpuser,
there needed to be a /home/ftpuser/bin directory that had all the
allowed executables). Stuff like that.

Dave, that’s prolly why you remember it being horrible for node 1’s
QUICS system – //1/u/d/dagibbs/u/d/dagibbs/ comes to mind as a path :)

Cheers,
-RK



Robert Krten, PARSE Software Devices +1 613 599 8316.
Realtime Systems Architecture, Books, Video-based and Instructor-led
Training, Consulting and Software Products at www.parse.com.