Lockdown DA or Linux? FTP Users Can See Root

open4biz

Lockdown User Access: BASH2 or RBASH? (See Bottom of Thread)

Hi All,

How do you lock down FTP users' access in DA or Linux?

One quirk of my Linux box, ever since the hosting provider granted me access, is that a logged-in user can see their home FTP directory and if they try to go down towards root, it allows them. It was never an issue before, because I was the only 'user' accessing the web server. But on Monday, I have a guy transferring his site to me and installing it. So... now how do I lock it down so he can only see his FTP home directory and not have access to the rest?

(EDIT: Please see the posts toward the bottom of the thread, when I discover I need to lock down BASH)

Thanks!

Ansel
 

Hi All,

Well, it turns out that I was able to penetrate further toward root because I was logging in with SSH/SFTP. So, that would explain why I was able to do what I did with ProFTP's "DefaultRoot ~" switch enabled.

So... how do I lock down directories in SSH? Bash? Bash2? RBash?

I have read some things on Bash2 and RBash, but I'm not sure how to implement them on my CentOS 5 / DirectAdmin Linux box.

Any help would be appreciated!

Thanks,

Ansel
 
Don't give your users ssh access; there is no need for it.
 
Don't give your users ssh access; there is no need for it.

True if you want your users to continue to use ftp and transmit their passwords in plain text.

To use the more secure SFTP, ssh access is needed. See the knowledgebase about ssh jail.
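
Earlier in the thread it turned out that ProFTPD's "DefaultRoot ~" did not confine an SSH/SFTP login. As an added example (not part of any post here), this Python check reads an sshd_config and reports which sections still leave a shell or the whole filesystem reachable. It assumes an OpenSSH build that supports `ChrootDirectory` and `internal-sftp` (4.9 or later); the group `sftponly`, the user `deploy` and the sample configuration are constructed for illustration.

```python
# Added example: audit sshd_config sections for SFTP-only, chrooted access.
# The sample below is constructed; "sftponly" and "deploy" are hypothetical names.
SAMPLE_SSHD_CONFIG = """\
# constructed sample sshd_config
Subsystem sftp internal-sftp

Match Group sftponly
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no

Match User deploy
    ForceCommand internal-sftp
"""

def parse_blocks(text):
    """Split config text into (criteria, {keyword: value}); 'global' comes first."""
    blocks = [("global", {})]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        keyword = parts[0].lower()          # sshd keywords are case-insensitive
        value = parts[1].strip() if len(parts) > 1 else ""
        if keyword == "match":
            blocks.append((value, {}))      # a Match line opens a new block
        else:
            # within one section sshd keeps the first value given for a keyword
            blocks[-1][1].setdefault(keyword, value)
    return blocks

def audit(text):
    """Return {criteria: [problems]}; an empty list means chrooted and SFTP-only."""
    blocks = parse_blocks(text)
    global_opts = blocks[0][1]
    report = {}
    for criteria, opts in blocks:
        effective = {**global_opts, **opts}  # Match keywords override global ones
        problems = []
        if effective.get("chrootdirectory", "none").lower() in ("", "none"):
            problems.append("no ChrootDirectory")
        if effective.get("forcecommand", "").lower() != "internal-sftp":
            problems.append("shell still available")
        report[criteria] = problems
    return report

if __name__ == "__main__":
    for criteria, problems in audit(SAMPLE_SSHD_CONFIG).items():
        print(criteria, "->", "confined" if not problems else "; ".join(problems))
```

sshd refuses the login unless every component of the chroot path is owned by root and not writable by group or others, so with `%h` the user needs a writable subdirectory inside the home directory.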
 
Lol, like you can't easily break out of a jail?
 
It is certainly more secure than ftp. So what do YOU suggest scsi?
 