How do I stop a vsftp user from browsing other directories?
I have 5 sites in /var/www: site1, site2, site3, site4 and site5.
When I log on as user1 I am directed to the site1 directory. The problem is I can back out and browse system directories.
I have chroot local users YES, chroot list ENABLED, and user1 in the chroot list.
I want to confine user1 to the site1 directory. What am I missing here? Any help appreciated.
WOW, that's a difficult solution, I thought it would be a "standard". It's pretty obvious that's what people would want to achieve? Thanks Richard, but if that's the only solution, NO FTPin.
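One thing worth checking against the settings described in the question, as an added example that is not part of the original post: per the vsftpd.conf man page, when `chroot_local_user=YES` and `chroot_list_enable=YES` are both set, the chroot list becomes the list of users who are NOT jailed. The Python sketch below computes the effective result; the sample configuration and list contents are constructed from the question's description, and the function names are hypothetical.

```python
# Added example: effective chroot status of a local user under vsftpd's
# documented chroot_local_user / chroot_list_enable semantics.

DEFAULTS = {"chroot_local_user": "NO", "chroot_list_enable": "NO"}

def parse_conf(text):
    """Parse vsftpd.conf text: 'option=value' lines, '#' starts a comment line."""
    opts = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip().lower()] = value.strip()
    return opts

def parse_list(text):
    """The chroot list file holds one user name per line."""
    return {line.strip() for line in text.splitlines() if line.strip()}

def is_jailed(conf_text, list_text, user):
    """Return True if `user` ends up chroot()ed to their home directory."""
    opts = parse_conf(conf_text)
    # Only the YES/NO spelling used on this page is handled here.
    jail_all = opts["chroot_local_user"].upper() == "YES"
    use_list = opts["chroot_list_enable"].upper() == "YES"
    listed = user in parse_list(list_text)
    if not use_list:
        return jail_all              # the list file is ignored entirely
    # With the list enabled, its meaning flips with chroot_local_user:
    #   NO  -> list = users to jail;  YES -> list = users exempt from the jail
    return (not listed) if jail_all else listed

# Constructed sample input matching the question's description.
QUESTION_CONF = "chroot_local_user=YES\nchroot_list_enable=YES\n"
JAIL_EVERYONE = "chroot_local_user=YES\nchroot_list_enable=NO\n"
JAIL_LISTED = "chroot_local_user=NO\nchroot_list_enable=YES\n"
CHROOT_LIST = "user1\n"

if __name__ == "__main__":
    for name, conf in [("question", QUESTION_CONF),
                       ("jail everyone", JAIL_EVERYONE),
                       ("jail listed only", JAIL_LISTED)]:
        print(f"{name}: user1 jailed = {is_jailed(conf, CHROOT_LIST, 'user1')}")
```

With both options on and user1 in the list, user1 is exempt from the jail; either removing user1 from the list or turning off one of the two options confines the account to its home directory.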
2 Answers
- Richard, Lv 7, 9 years ago, Favorite Answer
I have done this on a Sun UNIX system where each user could log in and access their own files, but could not access anyone else's files.
First I created directories under what you have called /var/www with copies of certain system files. Typically, all the files in /bin that are needed to support the FTP process would be copied into /var/www/bin. Similarly, any files in other system directories were copied. All these system files were owned by root and were not writable by other users.
Next, I changed the ftp login program so that it performed a chroot to the parent directory of all the accounts (in your case /var/www) and then exec'ed the original ftp program that was now located in /var/www/bin (or wherever it has to be stored).
Each user sub-directory had permissions so that only that user could access the contents of the sub-directory and consequently any lower level sub-directories.
The final step was to have a root level daemon that ran in the background and allowed the system to move information between users or to or from system processes running on the server. Since the root level daemon was not using chroot, it could access any files anywhere in the system.
FTP users could see other users' top level directories, but could not get into them. Also, as far as they were concerned the real directory /var/www was actually their / directory (because of the chroot), so they could not go up to the real superior directories. Even the binary executables in directories such as /var/www/bin did not have read access so they could not download those files.
- ?, Lv 4, 4 years ago
you realize how they say something like "We fell into one yet another's hands?" that merely approximately actually occurred with my mom and dad. My aunt became moving out of my grandparents' residing house, and her chum helped her pass, and he knew my father, and so my father went alongside for the journey while my aunt's chum helped her pass, and my mom became tagging alongside for the journey, as properly, and while my mom have been given interior the returned seat of the motor vehicle, my father became already sitting there together with his arm out and resting on the returned of the seat, as though it became an arm relax, and my mom ended up sitting the place my father's arm became prolonged out. So, my mom and dad met interior the returned seat of a automobile, with my father's arm around the place my mom sat down.