Great, Thankz for the help.  It is mostly working but I'm not sure how to
"jail" him to /home/http?  What does this mean:

>or any other ftp user) to his/her home directory is by
>using the global directive DefaultRoot ~ , which essentially
>jails the user to his directory so he/she cannot venture out
>of the home dir. sorry i can't help u on the other

What is a global directive?

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
> Omer Ansari
> Sent: Thursday, April 08, 1999 11:05 PM
> To: Benjamin M Baraga
> Cc: [EMAIL PROTECTED]
> Subject: Re: User Ftp access
>
>
> Benjamin M Baraga wrote:
> >
> > I have a question.
> >
> > I have a linux (Redhat 5.1) box that is hosting our web page, via Apache.  I
> > want to give the webmaster FTP only access to the server. How do I create a
> > user like this?  I don't want him to be able to login to the server, only be
> > able to FTP to the /home/http directory.  Any help would be appreciated.
>
> by using adduser (or useradd) command u can create a user
> with specific uid/gid's, (if this user is not already there
> in the /etc/passwd file). Be sure to specify the home
> directory of this user as /home/http so that whenever he/she
> logs on via ftp/telnet/whatever he is taken to his root
> directory by default...
>
> to restrict him to use ftp services only and not the telnet
> service, u'll have to change the shell of the user in the
> /etc/passwd file to a dummy shell...in other words... where
> it states /bin/bash, u have to define a dummy shell like
> /bin/blah which actually points to a file which doesn't even
> exist....then you have to append /bin/blah in your
> /etc/shells file.
> The reason for all this shebang is that the RFC defining FTP
> states explicitly that the user ftp'ing needs to have a
> valid shell on the machine he/she is ftp'ing. By adding our
> dummy shell (/bin/blah) in /etc/shells we are actually
> fooling the ftp server into believing that the user
> (webmaster) indeed has a real shell, so let him ftp into the
> server.
>
> The adduser command in slack is a step by step input/output
> sequence which gets the user's info interactively from the
> shell..I remember running into a problem of the 8 characters
> or less requirement (as webmaster is 9 characters) and thus
> i defined a user dodo, and went into /etc/passwd and
> /etc/shadow and changed the dodo to webmaster. RH might not
> have the 8 character limitation because the useradd/adduser
> command does not require so...but nevertheless i thought it
> better to share the information.
>
> Ok..on a last note...if you are running proftpd as your ftp
> server on your webserver, the way to restrict the webmaster
> (or any other ftp user) to his/her home directory is by
> using the global directive DefaultRoot ~ , which essentially
> jails the user to his directory so he/she cannot venture out
> of the home dir. sorry i can't help u on the other
> ftpservers front, but maybe the command 'chroot' might be
> useful there....haven't really ever understood how to use
> this command, but i have heard that this can be used to jail
> users too. do let me know if u use it successfully.
>
>
> if you have any other queries, let me know..because i'm
> running a similar setup as yours...and might save u time
> (and hair-loss!) if you run into some strange problem :)
>
>
> regards,
>
>
>
> >
> >                 Thankz in Advance
> >
> > Benjamin Baraga
> > Systems Engineer
> > Heron Network Services
>
> --
> Omer Ansari
> Network Engineer,
> Supernet PDSL
> Pakistan.
>
> Digital Fingerprint:
> A641 2DCB D180 4ACD CA00  DC4E 1698 847B E3CA A88F
>
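
The setup described in this thread (home directory /home/http, a dummy shell listed in /etc/shells, and DefaultRoot ~ in the ProFTPD configuration) can be checked with a short script. This is an added example, not part of the original messages; the function names check_ftp_only and make_sample are hypothetical, the sample files are constructed, and the file paths are passed in by the caller.

```shell
#!/bin/sh
# Added example (not from the thread): audit an FTP-only account.
# File paths are arguments so the check can run against copies.

# check_ftp_only USER HOME PASSWD SHELLS PROFTPD_CONF  (hypothetical helper)
# Prints one line per finding; returns 0 if every check passes, else 1.
check_ftp_only() {
    user=$1 want_home=$2 passwd=$3 shells=$4 conf=$5
    rc=0
    entry=$(grep "^$user:" "$passwd") || { echo "FAIL: no user $user"; return 1; }
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)

    if [ "$home" != "$want_home" ]; then
        echo "FAIL: home is $home, expected $want_home"; rc=1
    fi
    # The FTP server refuses users whose shell is not listed in /etc/shells.
    if ! grep -Fqx "$shell" "$shells"; then
        echo "FAIL: $shell not listed in shells file, FTP login refused"; rc=1
    fi
    # The dummy shell must not be runnable, or telnet/console login still works.
    if [ -x "$shell" ]; then
        echo "FAIL: $shell is executable, interactive login possible"; rc=1
    fi
    # DefaultRoot ~ must be present and not commented out.
    if ! grep -Eq '^[[:space:]]*DefaultRoot[[:space:]]+~' "$conf"; then
        echo "FAIL: no active 'DefaultRoot ~' in proftpd config"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $user is FTP-only, jailed to $home"
    return "$rc"
}

# Constructed sample files (not real system data) written to directory $1.
make_sample() {
    printf 'root:x:0:0:root:/root:/bin/sh\nwebmaster:x:501:501::/home/http:/bin/blah\n' > "$1/passwd"
    printf '/bin/sh\n/bin/blah\n' > "$1/shells"
    printf 'ServerName "web"\nDefaultRoot ~\n' > "$1/proftpd.conf"
}

d=$(mktemp -d)
make_sample "$d"
check_ftp_only webmaster /home/http "$d/passwd" "$d/shells" "$d/proftpd.conf"
rm -rf "$d"
```

On a live server, pass /etc/passwd, /etc/shells and the path of the installed proftpd.conf in place of the sample files.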
