Hi all, I've recently purchased a VPS and am running Ubuntu LTS. I've installed and set up ISPConfig 3.0.4.1 but ran into a slight niggle... Users can FTP fine, but they can traverse directories. They can't access other clients' folders, but they can see them (along with domain names). How do I restrict them so they can't come out of their own home directory? Is this something to do with Jailkit? I don't think I have Jailkit installed, and by the looks of it, you can't install it after installing ISPConfig...?
No. You missed enabling the virtual chroot option in the pure-ftpd.con configuration file while you installed pure-ftpd.
Ah I see! Do you have a link to a how-to on doing that please? I installed it from this guide, but I do admit I missed the part about editing /etc/fstab as I wasn't sure what I needed to enter. http://www.howtoforge.com/perfect-server-ubuntu-10.04-lucid-lynx-ispconfig-3-p4
I did those steps in that chapter, and double-checked, but it hasn't stopped logins traversing directories. The only part in that chapter I didn't do was the fstab as I didn't know what I needed to put - do I use the exact line he added?
Do you mean pure-ftpd-common?
Code:
    # STANDALONE_OR_INETD
    # valid values are "standalone" and "inetd".
    # Any change here overrides the setting in debconf.
    STANDALONE_OR_INETD=standalone

    # VIRTUALCHROOT:
    # whether to use binary with virtualchroot support
    # valid values are "true" or "false"
    # Any change here overrides the setting in debconf.
    VIRTUALCHROOT=true

    # UPLOADSCRIPT: if this is set and the daemon is run in standalone mode,
    # pure-uploadscript will also be run to spawn the program given below
    # for handling uploads. see /usr/share/doc/pure-ftpd/README.gz or
    # pure-uploadscript(8)
    # example: UPLOADSCRIPT=/usr/local/sbin/uploadhandler.pl
    UPLOADSCRIPT=

    # if set, pure-uploadscript will spawn $UPLOADSCRIPT running as the
    # given uid and gid
    UPLOADUID=
    UPLOADGID=
I do get this when I restart the Pure-FTP service:
Code:
    Restarting ftp server: /usr/sbin/pure-ftpd-wrapper: Invalid configuration file /etc/pure-ftpd/conf/PureDB: "/etc/pure-ftpd/pureftpd.pdb": No such file
The config file looks fine. Please run:
    rm -f /etc/pure-ftpd/conf/PureDB
and then restart pure-ftpd as PureDB is not used on your server. Are you sure that you accessed the server with FTP and not e.g. SFTP or SCP? Please check the settings of your FTP client. SFTP and SCP are SSH based protocols provided by the ssh daemon and not FTP protocols.
I've run that, and restarted, and now I'm getting:
Code:
    Restarting ftp server: Running: /usr/sbin/pure-ftpd-mysql-virtualchroot -l mysql:/etc/pure-ftpd/db/mysql.conf -l pam -O clf:/var/log/pure-ftpd/transfer.log -E -u 1000 -8 UTF-8 -Y 1 -B
Testing the FTP, and I can still see other users' directories. This is a log from my FTP client, and you can see that I'm able to access other clients (I can't see files), but I can see the folders for their domains:
Code:
    Response: 220---------- Welcome to Pure-FTPd [privsep] [TLS] ----------
    Response: 220-You are user number 1 of 50 allowed.
    Response: 220-Local time is now 10:09. Server port: 21.
    Response: 220-This is a private system - No anonymous login
    Response: 220-IPv6 connections are also welcome on this server.
    Response: 220 You will be disconnected after 15 minutes of inactivity.
    Command: USER ***
    Response: 331 User *** OK. Password required
    Command: PASS *********
    Response: 230-User *** has group access to: client1 sshusers
    Response: 230 OK. Current directory is /var/www/clients/client1/web16
    Command: OPTS UTF8 ON
    Response: 200 OK, UTF-8 enabled
    Status: Connected
    Status: Retrieving directory listing...
    Command: PWD
    Response: 257 "/var/www/clients/client1/web16" is your current location
    Status: Directory listing successful
    Status: Retrieving directory listing...
    Command: CWD /var/www/clients/client2/ANOTHERCLIENT.com
    Response: 250 OK. Current directory is /var/www/clients/client2/web1
    Command: PWD
    Response: 257 "/var/www/clients/client2/web1" is your current location
    Status: Directory listing successful
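An added example, not part of any post in this thread: a small check that reads an FTP client log in the format quoted above and reports every directory the server confirmed (250 or 257 reply) that lies outside the directory announced at login. The function names and the condensed sample log are constructed for illustration; run it against a saved client log after each configuration change to confirm the account is confined.

```python
import posixpath
import re

# Constructed sample, condensed from the client log quoted in the post above.
SAMPLE_LOG = """\
Response: 230 OK. Current directory is /var/www/clients/client1/web16
Command: PWD
Response: 257 "/var/www/clients/client1/web16" is your current location
Command: CWD /var/www/clients/client2/ANOTHERCLIENT.com
Response: 250 OK. Current directory is /var/www/clients/client2/web1
Command: PWD
Response: 257 "/var/www/clients/client2/web1" is your current location
"""

LOGIN_RE = re.compile(r"^Response:\s+230[ -].*Current directory is (\S+)")
CWD_OK_RE = re.compile(r"^Response:\s+250[ -].*Current directory is (\S+)")
PWD_RE = re.compile(r'^Response:\s+257 "([^"]+)"')
COMMAND_RE = re.compile(r"^Command:\s+(.*)")


def is_within(path, root):
    """True if path equals root or lies beneath it, after normalising '..'."""
    path = posixpath.normpath(path)
    root = posixpath.normpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")


def find_escapes(log_text):
    """Return (login_dir, [(command, reported_dir), ...]) for replies outside login_dir."""
    login_dir, last_command, findings = None, None, []
    for line in log_text.splitlines():
        line = line.strip()
        m = COMMAND_RE.match(line)
        if m:
            last_command = m.group(1)
            continue
        m = LOGIN_RE.match(line)
        if m:
            login_dir = m.group(1)  # a login dir of "/" contains every path
            continue
        m = CWD_OK_RE.match(line) or PWD_RE.match(line)
        if m and login_dir is not None and not is_within(m.group(1), login_dir):
            findings.append((last_command, m.group(1)))
    return login_dir, findings


if __name__ == "__main__":
    print(find_escapes(SAMPLE_LOG))
```

An empty findings list means no reply in the log named a directory outside the login directory.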
Ok, might be related to the fact that the web user is a member of the sshusers group. I will check that.
Thank you. Really appreciate the help. FYI I haven't added the FTP user to any other groups - just added them as an FTP User through ISPConfig.