• proftp and one user, multiple chrooted directories

    From ian diddams@1:0/0 to All on Wed Jul 10 15:05:52 2013

    ProFTPD Version 1.3.4a

    It's running on a Solaris 10 system but that's not relevant I am sure - I'm asking here cos it's a sort of generic linux/unix/config query.

    Basically historically we have implemented proftp as one user account = one chrooted directory.

    something like

    <Anonymous /content/folder1>
    User user1
    Group ftpusers
    AnonRequirePassword on
    MaxClients 10
    AllowOverwrite off
    <Limit ALL>
    AllowAll
    </Limit>
    <Limit CDUP CWD XCWD XCUP PWD XPWD>
    AllowAll
    </Limit>
    <Limit STOR STOU>
    AllowAll
    </Limit>
    </Anonymous>

    where /content contains multiple (ftp) locations/directories below it

    eg
    /content/folder1
    /content/folder2
    /content/folder3
    /content/folder4
    etc...

    all the folders have the same unix ownerships and permissions

    however... I have been asked if it is possible to have ONE ftp account for multiple folders but not all.

    eg
    "top_user" can use /content/folder1 & /content/folder2 but not /content/folder3 and /content/folder4

    If I set top_user's chroot folder to be /Content that user can still access folder3 & folder 4 that I don't want.

    Any ideas as to how I can achieve this?

    ian

    --- MBSE BBS v1.0.0 (GNU/Linux-i386)
    * Origin: The Kofo System II BBS telnet://fido2.kofobbs.
  • From Jan Gerrit Kootstra@110:300/11 to All on Wed Jul 10 20:50:48 2013

    On 10-07-13 17:05, ian diddams wrote:
    ProFTPD Version 1.3.4a

    It's running on a Solaris 10 system but that's not relevant I am sure - I'm
    asking here cos it's a sort of generic linux/unix/config query.

    Basically historically we have implemented proftp as one user account = one
    chrooted directory.

    something like

    <Anonymous /content/folder1>
    User user1
    Group ftpusers
    AnonRequirePassword on
    MaxClients 10
    AllowOverwrite off
    <Limit ALL>
    AllowAll
    </Limit>
    <Limit CDUP CWD XCWD XCUP PWD XPWD>
    AllowAll
    </Limit>
    <Limit STOR STOU>
    AllowAll
    </Limit>
    </Anonymous>

    where /content contains multiple (ftp) locations/directories below it

    eg
    /content/folder1
    /content/folder2
    /content/folder3
    /content/folder4
    etc...

    all the folders have the same unix ownerships and permissions

    however... I have been asked if it is possible to have ONE ftp account for
    multiple folders but not all.

    eg
    "top_user" can use /content/folder1 & /content/folder2 but not
    /content/folder3 and /content/folder4

    If I set top_user's chroot folder to be /Content that user can still access
    folder3 & folder 4 that I don't want.

    Any ideas as to how I can achieve this?

    ian

    Ian,


    If you do not grant top_user user rights to the /content/folder3 and /content/folder4 at Solaris level.

    like

    rwxr-x--- top_user top_group /content
    rwxr-x--- top_user top_group /content/folder1
    rwxr-x--- top_user top_group /content/folder2
    rwxr-x--- folder3_user group3 /content/folder3
    rwxr-x--- folder3_user group4 /content/folder4

    Would this work on Solaris10?


    Kind regards,


    Jan Gerrit Kootstra

    --- MBSE BBS v1.0.0 (GNU/Linux-i386)
    * Origin: Aioe.org NNTP Server (110:300/11@linuxnet)
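
A ProFTPD-side way to get the restriction asked about in this thread, as an added example that is not from either poster: jail the account in /content and deny it the two unwanted folders with per-directory limits. It assumes top_user is a real system account in the ftpusers group and uses the paths from the question.

```apache
# Added example, not configuration from the thread.
# Assumptions: top_user is a real (non-anonymous) system account that is a
# member of group ftpusers; paths are the ones given in the question.

# Jail members of ftpusers in /content. On its own this reproduces the
# problem described in the question: every folder below /content is reachable.
DefaultRoot /content ftpusers

# Deny top_user all FTP commands in the folders it must not use.
# A <Directory> section applies to the named directory and everything below it.
<Directory /content/folder3>
  <Limit ALL>
    DenyUser top_user
  </Limit>
</Directory>

<Directory /content/folder4>
  <Limit ALL>
    DenyUser top_user
  </Limit>
</Directory>

# folder1 and folder2 carry no deny rule, so top_user keeps access to them,
# subject to the ownership and mode bits on the filesystem.
```

These limits only bind sessions that go through ProFTPD; the ownership and mode bits suggested in the reply above are what restrict the same account over any other access path, so the two controls are best used together.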