Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > ISPConfig 3 > Installation/Configuration
Reload this Page FTP user directory restriction
Register FAQ Members List Social Groups Calendar Search Today's Posts Mark Forums Read

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
Page 1 of 2 1 2
 
Thread Tools Display Modes
  #1  
Old 26th November 2011, 14:21
olimortimer olimortimer is offline
Junior Member
  
Join Date: Nov 2011
Posts: 28
Thanks: 6
Thanked 0 Times in 0 Posts
Default FTP user directory restriction
Hi all,

I've recently purchased a VPS and running Ubuntu LTS. I've installed and setup ISPConfig 3.0.4.1 but ran into a slight niggle...

Users can FTP fine, but they can traverse directories. They can't access other client's folders, but they can see them (along with domain names). How do I restrict them so they can't come out of their own home directory? Is this something to do with Jailkit?

I don't think I have Jailkit installed, and by the looks of it, you can't install it after installing ISPConfig...?
Reply With Quote
Sponsored Links
  #2  
Old 26th November 2011, 16:40
till till is offline
Super Moderator
  
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 32,071
Thanks: 697
Thanked 4,251 Times in 3,263 Posts
Default
Quote:
Is this something to do with Jailkit?
No.

You missed to enable the virtual chroot option in the pure-ftpd.con configuration file whhile you installed pure-ftpd.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
The Following User Says Thank You to till For This Useful Post:
olimortimer (27th November 2011)
  #3  
Old 27th November 2011, 19:03
olimortimer olimortimer is offline
Junior Member
  
Join Date: Nov 2011
Posts: 28
Thanks: 6
Thanked 0 Times in 0 Posts
Default
Ah I see! Do you have a link to a how-to on doing that please?

I installed it from this guide, but I do admit I missed the part about editing /etc/fstab as I wasn't sure what I needed to enter.

http://www.howtoforge.com/perfect-se...ispconfig-3-p4
Reply With Quote
  #4  
Old 27th November 2011, 20:42
till till is offline
Super Moderator
  
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 32,071
Thanks: 697
Thanked 4,251 Times in 3,263 Posts
Default
See chapter 15 of the tutorial that you used alredy.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #5  
Old 27th November 2011, 21:06
olimortimer olimortimer is offline
Junior Member
  
Join Date: Nov 2011
Posts: 28
Thanks: 6
Thanked 0 Times in 0 Posts
Default
I did those steps in that chapter, and double checked, but it hasn't stopped logins traversing directories.

The only part in that chapter I didn't do was the fstab as I didn't know what I needed I put - do I use the exact line he added?
Reply With Quote
  #6  
Old 28th November 2011, 09:07
till till is offline
Super Moderator
  
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 32,071
Thanks: 697
Thanked 4,251 Times in 3,263 Posts
Default
Please post the pure-ftpd.conf file from your server.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #7  
Old 28th November 2011, 10:10
olimortimer olimortimer is offline
Junior Member
  
Join Date: Nov 2011
Posts: 28
Thanks: 6
Thanked 0 Times in 0 Posts
Default
Do you mean pure-ftpd-common ?

Code:
# STANDALONE_OR_INETD
# valid values are "standalone" and "inetd".
# Any change here overrides the setting in debconf.
STANDALONE_OR_INETD=standalone

# VIRTUALCHROOT:
# whether to use binary with virtualchroot support
# valid values are "true" or "false"
# Any change here overrides the setting in debconf.
VIRTUALCHROOT=true

# UPLOADSCRIPT: if this is set and the daemon is run in standalone mode,
# pure-uploadscript will also be run to spawn the program given below
# for handling uploads. see /usr/share/doc/pure-ftpd/README.gz or
# pure-uploadscript(8)

# example: UPLOADSCRIPT=/usr/local/sbin/uploadhandler.pl
UPLOADSCRIPT=

# if set, pure-uploadscript will spawn $UPLOADSCRIPT running as the
# given uid and gid
UPLOADUID=
UPLOADGID=
Reply With Quote
  #8  
Old 28th November 2011, 10:12
olimortimer olimortimer is offline
Junior Member
  
Join Date: Nov 2011
Posts: 28
Thanks: 6
Thanked 0 Times in 0 Posts
Default
I do get this when I restart the Pure-FTP service:

Code:
Restarting ftp server: /usr/sbin/pure-ftpd-wrapper: Invalid configuration file /etc/pure-ftpd/conf/PureDB: "/etc/pure-ftpd/pureftpd.pdb": No such file
Reply With Quote
  #9  
Old 28th November 2011, 10:20
till till is offline
Super Moderator
  
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 32,071
Thanks: 697
Thanked 4,251 Times in 3,263 Posts
Default
The config file looks fine. Please run:

rm -f /etc/pure-ftpd/conf/PureDB

and then restart pure-ftpd as PureDB is not used on your server.

Are you sure that you accessed the server with FTP and not e.g. SFTP or SCP? Please check the settings of your FTP client. SFTP and SCP are SSH based protocols provided by the ssh daemon and not FTP protocols.
__________________
Till Brehm
--
Get ISPConfig support and the ISPConfig 3 manual from ispconfig.org.
Reply With Quote
  #10  
Old 28th November 2011, 11:13
olimortimer olimortimer is offline
Junior Member
  
Join Date: Nov 2011
Posts: 28
Thanks: 6
Thanked 0 Times in 0 Posts
 
Default
I've run that, and restarted, and now I'm getting:

Code:
Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -O clf:/var/log/pure-ftpd/transfer.log -E -u 1000 -8 UTF-8 -Y 1 -B
Testing the FTP, and I can still see other users directories.

This is a log from my FTP client, and you can see that I'm able to access other clients (I can't see files), but I can the folders for their domains:

Code:
Response:	220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
Response:	220-You are user number 1 of 50 allowed.
Response:	220-Local time is now 10:09. Server port: 21.
Response:	220-This is a private system - No anonymous login
Response:	220-IPv6 connections are also welcome on this server.
Response:	220 You will be disconnected after 15 minutes of inactivity.
Command:	USER ***
Response:	331 User *** OK. Password required
Command:	PASS *********
Response:	230-User *** has group access to:  client1    sshusers  
Response:	230 OK. Current directory is /var/www/clients/client1/web16
Command:	OPTS UTF8 ON
Response:	200 OK, UTF-8 enabled
Status:	Connected
Status:	Retrieving directory listing...
Command:	PWD
Response:	257 "/var/www/clients/client1/web16" is your current location
Status:	Directory listing successful
Status:	Retrieving directory listing...
Command:	CWD /var/www/clients/client2/ANOTHERCLIENT.com
Response:	250 OK. Current directory is /var/www/clients/client2/web1
Command:	PWD
Response:	257 "/var/www/clients/client2/web1" is your current location
Status:	Directory listing successful
Reply With Quote
Reply
Page 1 of 2 1 2

Bookmarks

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
ISPConfig install issues... flyingaggie Installation/Configuration 2 18th July 2008 10:46
update failed loge Installation/Configuration 6 1st December 2007 17:53
Systemimager (rsync) doesn't copy all comedit HOWTO-Related Questions 11 19th January 2007 17:17
64-bit Debian 3.1 Install Issue naruto Installation/Configuration 14 5th September 2006 04:12
Install Error on Debian 3.1 planet_fox Installation/Configuration 4 25th June 2006 17:03


All times are GMT +2. The time now is 08:14.

Contact Us - HowtoForge - Linux Howtos and Tutorials - Archive - Top

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.