Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 26th November 2011, 14:21
olimortimer olimortimer is offline
HowtoForge Supporter
 
Join Date: Nov 2011
Posts: 57
Thanks: 12
Thanked 2 Times in 1 Post
Default FTP user directory restriction

Hi all,

I've recently purchased a VPS and running Ubuntu LTS. I've installed and setup ISPConfig 3.0.4.1 but ran into a slight niggle...

Users can FTP fine, but they can traverse directories. They can't access other client's folders, but they can see them (along with domain names). How do I restrict them so they can't come out of their own home directory? Is this something to do with Jailkit?

I don't think I have Jailkit installed, and by the looks of it, you can't install it after installing ISPConfig...?
Reply With Quote
Sponsored Links
  #2  
Old 26th November 2011, 16:40
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,483
Thanks: 813
Thanked 5,255 Times in 4,121 Posts
Default

Quote:
Is this something to do with Jailkit?
No.

You missed to enable the virtual chroot option in the pure-ftpd.con configuration file whhile you installed pure-ftpd.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
olimortimer (27th November 2011)
  #3  
Old 27th November 2011, 19:03
olimortimer olimortimer is offline
HowtoForge Supporter
 
Join Date: Nov 2011
Posts: 57
Thanks: 12
Thanked 2 Times in 1 Post
Default

Ah I see! Do you have a link to a how-to on doing that please?

I installed it from this guide, but I do admit I missed the part about editing /etc/fstab as I wasn't sure what I needed to enter.

http://www.howtoforge.com/perfect-se...ispconfig-3-p4
Reply With Quote
  #4  
Old 27th November 2011, 20:42
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,483
Thanks: 813
Thanked 5,255 Times in 4,121 Posts
Default

See chapter 15 of the tutorial that you used alredy.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 27th November 2011, 21:06
olimortimer olimortimer is offline
HowtoForge Supporter
 
Join Date: Nov 2011
Posts: 57
Thanks: 12
Thanked 2 Times in 1 Post
Default

I did those steps in that chapter, and double checked, but it hasn't stopped logins traversing directories.

The only part in that chapter I didn't do was the fstab as I didn't know what I needed I put - do I use the exact line he added?
Reply With Quote
  #6  
Old 28th November 2011, 09:07
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,483
Thanks: 813
Thanked 5,255 Times in 4,121 Posts
Default

Please post the pure-ftpd.conf file from your server.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #7  
Old 28th November 2011, 10:10
olimortimer olimortimer is offline
HowtoForge Supporter
 
Join Date: Nov 2011
Posts: 57
Thanks: 12
Thanked 2 Times in 1 Post
Default

Do you mean pure-ftpd-common ?

Code:
# STANDALONE_OR_INETD
# valid values are "standalone" and "inetd".
# Any change here overrides the setting in debconf.
STANDALONE_OR_INETD=standalone

# VIRTUALCHROOT:
# whether to use binary with virtualchroot support
# valid values are "true" or "false"
# Any change here overrides the setting in debconf.
VIRTUALCHROOT=true

# UPLOADSCRIPT: if this is set and the daemon is run in standalone mode,
# pure-uploadscript will also be run to spawn the program given below
# for handling uploads. see /usr/share/doc/pure-ftpd/README.gz or
# pure-uploadscript(8)

# example: UPLOADSCRIPT=/usr/local/sbin/uploadhandler.pl
UPLOADSCRIPT=

# if set, pure-uploadscript will spawn $UPLOADSCRIPT running as the
# given uid and gid
UPLOADUID=
UPLOADGID=
Reply With Quote
  #8  
Old 28th November 2011, 10:12
olimortimer olimortimer is offline
HowtoForge Supporter
 
Join Date: Nov 2011
Posts: 57
Thanks: 12
Thanked 2 Times in 1 Post
Default

I do get this when I restart the Pure-FTP service:

Code:
Restarting ftp server: /usr/sbin/pure-ftpd-wrapper: Invalid configuration file /etc/pure-ftpd/conf/PureDB: "/etc/pure-ftpd/pureftpd.pdb": No such file
Reply With Quote
  #9  
Old 28th November 2011, 10:20
till till is offline
Super Moderator
 
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 35,483
Thanks: 813
Thanked 5,255 Times in 4,121 Posts
Default

The config file looks fine. Please run:

rm -f /etc/pure-ftpd/conf/PureDB

and then restart pure-ftpd as PureDB is not used on your server.

Are you sure that you accessed the server with FTP and not e.g. SFTP or SCP? Please check the settings of your FTP client. SFTP and SCP are SSH based protocols provided by the ssh daemon and not FTP protocols.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #10  
Old 28th November 2011, 11:13
olimortimer olimortimer is offline
HowtoForge Supporter
 
Join Date: Nov 2011
Posts: 57
Thanks: 12
Thanked 2 Times in 1 Post
 
Default

I've run that, and restarted, and now I'm getting:

Code:
Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -O clf:/var/log/pure-ftpd/transfer.log -E -u 1000 -8 UTF-8 -Y 1 -B
Testing the FTP, and I can still see other users directories.

This is a log from my FTP client, and you can see that I'm able to access other clients (I can't see files), but I can the folders for their domains:

Code:
Response:	220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response:	220-You are user number 1 of 50 allowed.
Response:	220-Local time is now 10:09. Server port: 21.
Response:	220-This is a private system - No anonymous login
Response:	220-IPv6 connections are also welcome on this server.
Response:	220 You will be disconnected after 15 minutes of inactivity.
Command:	USER ***
Response:	331 User *** OK. Password required
Command:	PASS *********
Response:	230-User *** has group access to:  client1    sshusers  
Response:	230 OK. Current directory is /var/www/clients/client1/web16
Command:	OPTS UTF8 ON
Response:	200 OK, UTF-8 enabled
Status:	Connected
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/var/www/clients/client1/web16" is your current location
Status:	Directory listing successful
Status:	Retrieving directory listing...
Command:	CWD /var/www/clients/client2/ANOTHERCLIENT.com
Response:	250 OK. Current directory is /var/www/clients/client2/web1
Command:	PWD
Response:	257 "/var/www/clients/client2/web1" is your current location
Status:	Directory listing successful
Reply With Quote
Reply

Bookmarks

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPConfig install issues... flyingaggie Installation/Configuration 2 18th July 2008 10:46
update failed loge Installation/Configuration 6 1st December 2007 17:53
Systemimager (rsync) doesn't copy all comedit HOWTO-Related Questions 11 19th January 2007 17:17
64-bit Debian 3.1 Install Issue naruto Installation/Configuration 14 5th September 2006 04:12
Install Error on Debian 3.1 planet_fox Installation/Configuration 4 25th June 2006 17:03


All times are GMT +2. The time now is 13:28.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2014, vBulletin Solutions, Inc.