Re: FTP Access



On February 3, 2011 15:49, in comp.os.linux.setup, rjk@xxxxxxxxxxxxxxx wrote:

> The Natural Philosopher <tnp@xxxxxxxxxxxxxxx> writes:
>> ExecMan wrote:
>>
>>> I need some help. I am running CentOS 5.x. I have disabled FTP and
>>> only allow SSH / SFTP. I would like to prevent certain users from
>>> going outside their home directories. So, when a given user logs in
>>> to transfer files, or SSH's in, they are contained to their home
>>> directory tree only.
>>>
>>> I'm hoping this is not a long drawn out process. If anyone has
>>> anything more easily done, please let me know.
>>
>> Man chroot?
>>
>> used to work with straight ftp..
>
> pam_chroot is probably the answer for SSH logins, though I've never used
> it myself. http://code.google.com/p/pam-chroot/ if it's not already in
> CentOS.

The SSH server supports an internal chroot option; see the "ChrootDirectory"
option documented in sshd_config(5).

To the OP: be aware that chroot(2) (in whatever form you use it in) will
require some additional setup in your user's directory structure. chroot(2)
only changes the "root directory", it does not relieve you of the
obligations of having the proper directory structure under the new root
directory. That means, if you intend to chroot() to (say) /home, then there
must be a properly populated /home/etc, /home/dev, /home/bin, and all the
other requisite directories.

--
Lew Pitcher
Master Codewright & JOAT-in-training | Registered Linux User #112576
Me: http://pitcher.digitalfreehold.ca/ | Just Linux: http://justlinux.ca/
---------- Slackware - Because I know what I'm doing. ------
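
Added example, not part of the thread: a pre-flight check for a directory intended for the "ChrootDirectory" option, based on the sshd_config(5) requirement that every component of the pathname be a root-owned directory not writable by any other user or group. The function names and the sample layout are assumptions constructed for illustration; `stat_fn` defaults to `os.stat` for use on a real system.

```python
import os
import stat
from types import SimpleNamespace

def chroot_path_problems(path, stat_fn=os.stat):
    """Reasons sshd would refuse `path` as a ChrootDirectory (empty list = OK).
    Rule from sshd_config(5): every component of the pathname must be a
    root-owned directory that is not writable by any other user or group.
    `stat_fn` is injectable so the check can be exercised without root.
    """
    problems = []
    current = "/"
    components = [current]          # "/", "/home", "/home/alice", ...
    for part in filter(None, os.path.abspath(path).split("/")):
        current = os.path.join(current, part)
        components.append(current)
    for comp in components:
        try:
            st = stat_fn(comp)
        except OSError as exc:
            problems.append(f"{comp}: cannot stat ({exc})")
            break                   # nothing below a missing component exists
        if not stat.S_ISDIR(st.st_mode):
            problems.append(f"{comp}: not a directory")
        if st.st_uid != 0:
            problems.append(f"{comp}: owned by uid {st.st_uid}, not root")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            mode = stat.S_IMODE(st.st_mode)
            problems.append(f"{comp}: group/other writable (mode {mode:o})")
    return problems

# Constructed sample layout (not from the thread): path -> (uid, mode).
SAMPLE = {
    "/": (0, 0o040755),
    "/home": (0, 0o040755),
    "/home/alice": (1000, 0o040700),    # ordinary home, owned by the user
    "/srv": (0, 0o040755),
    "/srv/jail": (0, 0o040755),
    "/srv/jail/alice": (0, 0o040775),   # root-owned but group-writable
}

def sample_stat(path):
    if path not in SAMPLE:
        raise FileNotFoundError(path)
    uid, mode = SAMPLE[path]
    return SimpleNamespace(st_uid=uid, st_mode=mode)

if __name__ == "__main__":
    for target in ("/home/alice", "/srv/jail/alice", "/srv/jail"):
        print(target, chroot_path_problems(target, sample_stat) or "OK")
```

The first sample path shows why an ordinary user-owned home directory cannot be used directly as the chroot target under this rule.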

