HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   General (http://www.howtoforge.com/forums/forumdisplay.php?f=15)
-   -   FTP users have access to others folders (http://www.howtoforge.com/forums/showthread.php?t=32479)

nsansari 15th March 2009 20:37

FTP users have access to others folders
 
So I've being using ISPConfig for about two years I think. Version is 2.2.18 running on ubuntu. I installed this and played around with it at the time I installed it and since then I've never touched it. Its been running fine sitting in the background doing its job quietly.

However recently a new user complained that he could not get ftp access so I had a look and strangely enough found out that yes he can get to ftp but not just his site he can actually browse the whole server with his user account. So I've tested other users on the system and it seems like it is the same for every user I have on the system.

When the user logs on first time he goes to his respective web , but if he goes up levels then he can see other folders as well. I'm not even sure where to start looking as its been such a long time that I installed this sytem.

Can some one help at all , or point me to the right direction.

Thanks in advance.

till 15th March 2009 20:55

You have to enable the ftp chrooting as described in the perfect setup guide. Add the line:

DefaultRoot ~

to the proftpd.conf file and restart proftpd.

nsansari 15th March 2009 21:24

wow, didn't expect a reply so quick. :)

that line is already there

# Use this to jail all users in their homes
DefaultRoot ~
IdentLookups off
ServerIdent on "FTP Server Ready."
# Users require a valid shell listed in /etc/shells to login.
# Use this directive to release that constrain.
# RequireValidShell off

# Port 21 is the standard FTP port.
Port 21


Any other thoughts??

till 15th March 2009 21:29

Then you either run a different ftp server and not proftpd or your users accessed the server e.g. by ssh or sftp and not ftp.

nsansari 15th March 2009 21:41

my apologies,

I have used winscp to check this and realised i was using the sftp option to connect and that is what gives the user all access.

However now changing that to ftp user has only access to their folder.

But surely that can't be right, that using sftp they can have complete access. ??

Thanks for your help

nsansari 15th March 2009 21:43

Ahh power of google ,

if I block port 22, that would do the job ?

till 15th March 2009 22:48

Thats not nescessary, just do not enable the shell / ssh option in the website settings.

nsansari 15th March 2009 23:08

thank you very much Till, much appreciated.


All times are GMT +2. The time now is 05:52.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.