FTP users have access to others folders

Discussion in 'General' started by nsansari, Mar 15, 2009.

  1. nsansari

    nsansari New Member

    So I've being using ISPConfig for about two years I think. Version is 2.2.18 running on ubuntu. I installed this and played around with it at the time I installed it and since then I've never touched it. Its been running fine sitting in the background doing its job quietly.

    However recently a new user complained that he could not get ftp access so I had a look and strangely enough found out that yes he can get to ftp but not just his site he can actually browse the whole server with his user account. So I've tested other users on the system and it seems like it is the same for every user I have on the system.

    When the user logs on first time he goes to his respective web , but if he goes up levels then he can see other folders as well. I'm not even sure where to start looking as its been such a long time that I installed this sytem.

    Can some one help at all , or point me to the right direction.

    Thanks in advance.
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    You have to enable the ftp chrooting as described in the perfect setup guide. Add the line:

    DefaultRoot ~

    to the proftpd.conf file and restart proftpd.
  3. nsansari

    nsansari New Member

    wow, didn't expect a reply so quick. :)

    that line is already there

    # Use this to jail all users in their homes
    DefaultRoot ~
    IdentLookups off
    ServerIdent on "FTP Server Ready."
    # Users require a valid shell listed in /etc/shells to login.
    # Use this directive to release that constrain.
    # RequireValidShell off

    # Port 21 is the standard FTP port.
    Port 21

    Any other thoughts??
  4. till

    till Super Moderator Staff Member ISPConfig Developer

    Then you either run a different ftp server and not proftpd or your users accessed the server e.g. by ssh or sftp and not ftp.
  5. nsansari

    nsansari New Member

    my apologies,

    I have used winscp to check this and realised i was using the sftp option to connect and that is what gives the user all access.

    However now changing that to ftp user has only access to their folder.

    But surely that can't be right, that using sftp they can have complete access. ??

    Thanks for your help
  6. nsansari

    nsansari New Member

    Ahh power of google ,

    if I block port 22, that would do the job ?
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Thats not nescessary, just do not enable the shell / ssh option in the website settings.
  8. nsansari

    nsansari New Member

    thank you very much Till, much appreciated.

Share This Page