Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 7th January 2009, 17:51
vmos vmos is offline
Member
 
Join Date: Nov 2008
Posts: 57
Thanks: 1
Thanked 0 Times in 0 Posts
Default restricting where pureftp users to web directory

Good afternoon, I recently built a debian server and put in pureftp with mysql and the pureftp manager front end from solariz.

Now this front end is going to be used by a client to create directories for websites so in the front end they put in /web/www.website.com for the ftp root

and when that user logs in they are chrooted to www.website.com and can't go anywhere, that's all grand

but the problem is that the client can use the front end to put in /u0/ or /etc/ as the ftproot for example.

OK, they won't have write access but for a number of reasons I need to keep them out of there.

I've found out how to specifiy /web as the default directory but I can't find how to leave the client with no other option and ensure they can't get access outside of the /web directory

any ideas?
Reply With Quote
Sponsored Links
  #2  
Old 8th January 2009, 14:21
falko falko is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,701
Thanks: 1,900
Thanked 2,735 Times in 2,571 Posts
Default

I don't know Pureftpd Manager, but shouldn't only the admin be allowed to specify/change the directories?
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 8th January 2009, 18:40
vmos vmos is offline
Member
 
Join Date: Nov 2008
Posts: 57
Thanks: 1
Thanked 0 Times in 0 Posts
 
Default .

well yes, but that's the problem. The client needs to have access to create ftp accounts (there's also a front end for them to add vhosts) so they look after the web end but at the same time I need to keep them out of the rest of the server.
They only have access to the /web directory but they could potentially use this to get read access to the rest of the server (I know this because I've tried it)
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Cacti and ISPConfig: Monitoring Tool VMartins Tips/Tricks/Mods 11 9th August 2008 18:37
Installations Problem @ PHP thryb Installation/Configuration 1 7th November 2007 13:41
Install ISPConfig On FC2 amss Installation/Configuration 5 4th March 2007 20:49
PHP error chrno Installation/Configuration 2 7th September 2006 13:27
error compiling php5 florianrieder Installation/Configuration 3 23rd March 2006 18:41


All times are GMT +2. The time now is 01:01.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.