Hi,
I read a thread where they were talking about ftp'ing into an account and viewing the .bashrc .bash_profile files. If you could edit these files then you could possibly give you access to restriced files or commands. How does that work?
Thanx,
Hi,
I read a thread where they were talking about ftp'ing into an account and viewing the .bashrc .bash_profile files. If you could edit these files then you could possibly give you access to restriced files or commands. How does that work?
Thanx,
If you could ftp into your own account and view .files I don't think there is a problem. Thats normal. Now if you could ftp into another users accoutn (or cwd into them) and view files thats a nother matter.
Linux ( and Unixes for that matter ) do not diffientiate whether you log in via FTP, Telnet or SSH. It is based on your log in ID. You will be able to view all the files that you are the owner of including files in your home directory including hidden files. That's normal.
But you should not be able to view other files outside of your home directory ( unless the admin screw it up big time ) ...
How do you restrict user access to ONLY their home dir????
Hello, if you're using proftpd then in your proftpd.conf file under the section <global> you could add this line
DefaultRoot ~
...however, your users can't follow symlinks out of their home directory...you have to use the mount --bind command to mount directories under the directories in their home dir. Also, you may want to check out this page for the DefaultRoot command.
http://proftpd.linux.co.uk/docs/dire...faultRoot.html
And maybe also this page for chroot and symlinks(mount --bind)
http://proftpd.linux.co.uk/localsite...-symlinks.html
Of course, all of the above assumes you are using proftpd.
Posting Permissions
Reply With Quote
Bookmarks