Newbie Question: FTP access

I

IslandJordan

Registered
I know I am likely playing with things I should because I have very little knowledge of UNIX. but there's no better way to learn then by experimenting, right?

So my school network gives me a static IP. So I could access files from friends' computers, etc, I turned on FTP access and I go in through a web browser, which has been working fine. HOWEVER, I've created a user for my friend on my computer since her's is broken. When she logs in at my computer, I feel like she can't do any harm because she can only play with the stuff in her home directory. She can't even LOOK at things in mine. HOWEVER, when she logs in via FTP, she's got full range of the entire computer. Why is this? Why doesn't it say "Permission Denied" when she tries to access my home directory, for instance? Is there a way I can protect this?

Thanks a lot,

Jordan
 
Jadey gave us this one the other day. What you have to do is make a "chroot jail" for your users. Quote:

How-to: Setup a chroot jail for your FTP users

This How-to will explain how to restrict your FTP users to their home directory, so they won't be able to look at any directories higher than their own.

Launch Terminal (in Applications -> Utilities)

type: cd /etc
sudo pico ftpchroot

Type the valid usernames of people in this file that you want to be restricted to their own directory when they FTP into their machine. Separate each entry by a carriage return. This file will look simply like this:

ebunny
sclaus
tfairy

Then save the file by holding down the Control key and hitting X. This will create the file ftpchroot in the /etc directory.

Now restart your FTP server by turning it off then on again in your Sharing Control panel. Done!

(We also discussed how to set custom messages for FTP access. See this thread.
 
yes you can limit her to just her directory. Go to Macosxhints.com and do a search. There is a detailed explanation of how to do this. Or you could setup and anonymous account and limit here to the pub directory for downloading and the incoming directory for uploading.
Good Luck.
 
You must log in or register to reply here.
Back
Top