Date: Thu, 10 Oct 1996 16:45:08 +0100 From: Antonio Navarro Navarro <hostmaster@bemarnet.es> To: freebsd-security@FreeBSD.ORG Subject: Restricted access via FTP Message-ID: <2.2.32.19961010154508.0070ce84@host.bemarnet.es>
next in thread | raw e-mail | index | archive | help
Hello All ! I have created a user account named 'username' with 'shell=/nonexistent' (telnet access is not allowed), 'group=nogroup' and home directory = /home/www/username. The NCSA web server is running under user www (group www) and the home directory for the web pages is /home/www. When the user 'username' makes an FTP to the server, is allowed to update the files under the directory '/home/www/username' (this files can be viewed using a web navigator with the url http://www.bemarnet.es/username) but he also is allowed to do a 'cd \' or 'cd ..' and then look all the files in the server. How can I deny access to all the directory structure under /home/www/username ? Thanks a lot ! +-----------------------------------------------------------------------+ | Antonio Navarro Navarro E-mail: webmaster@bemarnet.es | +-----------------------------------------------------------------------+ | BemarNet Management Phone : +34-6-165.66.44 | | Makes business easier... ,,, Fax : +34-6-165.65.14 | | http://www.bemarnet.es (o o) | +------------------------------o00-(_)-00o------------------------------+ | Have a nice day - Have a nice day - Have a nice day - Have a nice day | +-----------------------------------------------------------------------+
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?2.2.32.19961010154508.0070ce84>