Skip to main content

How to Jail ftp users via ProFTPd

Installing and configuring ProFTPD

Installing and configuring ProFTPD so that a web user can login and be jailed to their home directory is very simple

Firstly install proftpd via your FreeBSD Ports Directory



Once installed copy the proftpd.conf sample file to proftpd.conf
Edit the file and uncomment #DefaultRoot ~ as per below





# To cause every FTP user to be "jailed" (chrooted) into their home
# directory, uncomment this line.
DefaultRoot ~

Then edit the proftpd startup script in /usr/local/etc/rc.d/
And change

proftpd_enable=$
to
proftpd_enable=$

edit your /etc/rc.conf file and add
proftpd_enable="YES"

Then start proftpd via the startup script

You should now be able to login as a user you created and you should only see your directory you should not be able to go back from /home/myuser to /home for instance

This is great for keeping clients in their vhost directory so that the can not traverse other directories.
Labels:

Comments

Post a Comment

Popular posts from this blog

Setting up and Installing Rancid on FreeBSD for Cisco Products

Setting up and Installing Rancid on FreeBSD for Cisco Products What is Rancid? Rancid is an application that monitors a devices configuration including software and hardware. The configuration is then stored in a Concurrent Version System or CVS. Most of the time it is used to back up router, switch and firewall configurations, as well as notify you when a configuration has changed, i.e a firewall rule or a routers IP address or access list change. here is an example of the output =================================================================== retrieving revision 1.29 diff -u -4 -r1.29 mpls-jhb-pe1 @@ -288,9 +288,9 @@ ! interface Serial0/0 description Link to Client X bandwidth 2048 - ip address 192.168.1.244 255.255.255.254 + ip address 192.168.1.234 255.255.255.254 ip route-cache flow ip tcp header-compression iphc-format ip tcp compression-connections 256 ! ip ospf message-digest-key 1 md5 the - symbol represents what was removed the + symbol represents what was added The abo
2 comments
Read more

Tacacs+ Install and Config Guide

Tacacs+ Install and Config Guide What is TACACS As per wikipedia Terminal access controller access control system (TACACS) is a remote authentication protocol that is used to communicate with an authentication server commonly used in UNIX networks. TACACS allows a remote access server to communicate with an authentication server in order to determine if the user has access to the network. Installing Tacacs on FreeBSD This guide is intended to be a basic implementation of TACACS+, so although there are may features I am just going to document what I generally use. Please note that tac_plus is also available from Shrubbery Networks if you would like to install and configure on another platform. You may also want to check out my Rancid How-To Once again its in your ports directory. cd to /usr/ports/net/tac_plus4/ run a "make install clean" Once installed vi /usr/local/etc/rc.d/tac_plus.sh Then Change the following line from NO to YES tac_plus_enable=$ Save the file, then vi /e
Post a Comment
Read more

FreeBSD, Postfix, Mailscanner and Mailwatch Installation

Installing postfix, mailscanner and mailwatch on FreeBSD I have setup a number of servers using mailscanner and postfix to do antispam and antivirus checking. This particular example will show you how to set the server up as a mail gateway. i.e. all inbound and outbound mail will go via this server. You can also use the server as a pop3/imap4 server and doing so, does make life a little easier as you don't have to worry about the transport and relay_hosts files. At a later stage I will show that info too..... when I get a chance. This my seem strange but as there is quite a bit involved in installing and configuring I am splitting this into two How-To's this one, The install How-To and the configuration How-To First off its probably best to start on a new install of FreeBSD. Once you have done the initial portsnap fetch and portsnap extract Right here we go. Two things you might want to do is force your NIC to 100MB full duplex and install lsof Type in ifconfig and check if the
1 comment
Read more