[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: how to limit area's users can traverse



I use this proftp.conf

# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use.  It establishes a single server
# and a single anonymous login.  It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.

ServerName                      "ProFTPD"
ServerType                      standalone
DeferWelcome                    off
ShowSymlinks                    on

DefaultServer                   on

# Port 21 is the standard FTP port.
Port                            21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask                           022

# Set the user and group that the server normally runs at.
User                            root
Group                           root



<VirtualHost ftp.yourhost.com>
DefaultRoot ~


# A basic anonymous configuration, no upload directories.

<Anonymous ~ftp>
  User                          ftp
  Group                         nogroup
  # We want clients to be able to login with "anonymous" as well as "ftp"
  UserAlias                     anonymous ftp

  RequireValidShell             off
##
  # Limit the maximum number of anonymous logins
  MaxClients                    20

  # We want 'welcome.msg' displayed at login, and '.message' displayed
  # in each newly chdired directory.
  DisplayLogin                  welcome.msg
  DisplayFirstChdir             .message

  # Limit WRITE everywhere in the anonymous chroot
  <Directory *>
    <Limit WRITE>
      DenyAll
    </Limit>
  </Directory>

</Anonymous>


-----Mensagem Original-----
De: John F. Davis <davis@skink.net>
Para: debian isp mailing list <debian-isp@lists.debian.org>
Enviada em: Terça-feira, 18 de Julho de 2000 17:11
Assunto: how to limit area's users can traverse


> hello
>
> How do you limit the area which a user can go with ftp?
> i.e, when user ftp's to my server, how do I keep him in
> his portion of the filesystem only.
>
> Way back when, I saw a setup on a redhat system which
> had a non standard "cd" binary which was put
> in each user's path.  This "cd" could not be deleted
> by the user and it would not allow the user to cd
> to any directory not owned by the user.  It seemed
> kinda weird, but it definitely did the trick.
>
> John
>
>
> --
> To UNSUBSCRIBE, email to debian-isp-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org
>
>



Reply to: