Hiding other client's files

Discussion in 'Installation/Configuration' started by mrdek11, May 17, 2007.

  1. mrdek11

    mrdek11 New Member

    Hi, on my registrar's host, you can FTP/SSH to the server, and only see system files, and your own files... Is there a way to do this with ispconfig?
    Such as, if you're logged on as web3_derek, you cannot see web1's files, or web2's files, etc...? I want to allow users to log in via FTP or SSH and still only be able to see their own files.
    Thanks!
     
  2. till

    till Super Moderator Staff Member ISPConfig Developer

    FTP: Enable chrooting to the user's home directory in your proftpd.conf file.

    SSH: Compile your SSH server to support chrooting and then enable chrooting for SSH in ISPConfig.
     
  3. mrdek11

    mrdek11 New Member

    Hi, I've looked into chrooting, and can't get it to work. How can I automatically make it so all users except root can only see their /var/www/web# directory, and its subdirectories?
    My users connect via an ftp program (most use WinSCP), and I'd like to keep them locked inside their files, so they can't see other client's sources etc.
    They connect to my proftpd server I believe, whatever is on port 22.
    I used the dapper drake perfect setup. Is there a way to automatically lock all users to their directory, except for root?
    Thanks!
     
  4. mrdek11

    mrdek11 New Member

    I just tried the chroot SSH howto, and it doesn't work.
    http://www.howtoforge.com/chrooted_ssh_howto_debian

    When I get to the part where I do this:
    APPS="/bin/bash /bin/ls /bin/mkdir /bin/mv /bin/pwd /bin/rm /usr/bin/id /usr/bin/ssh /bin/ping /usr/bin/dircolors"
    for prog in $APPS; do
        cp $prog ./$prog

        # obtain a list of related libraries
        ldd $prog > /dev/null
        if [ "$?" = 0 ] ; then
            LIBS=`ldd $prog | awk '{ print $3 }'`
            for l in $LIBS; do
                mkdir -p ./`dirname $l` > /dev/null 2>&1
                cp $l ./$l
            done
        fi
    done

    It returns:

    cp: cannot stat `(0xffffe000)': No such file or directory
    cp: cannot stat `(0xffffe000)': No such file or directory
    cp: cannot stat `(0xffffe000)': No such file or directory
    cp: cannot stat `(0xffffe000)': No such file or directory
    cp: cannot stat `(0xffffe000)': No such file or directory
    cp: cannot stat `(0xffffe000)': No such file or directory
    cp: cannot stat `(0xffffe000)': No such file or directory
    cp: cannot stat `(0xffffe000)': No such file or directory
    cp: cannot stat `(0xffffe000)': No such file or directory
    cp: cannot stat `(0xffffe000)': No such file or directory

    And the chrooting doesn't work. Also, if somebody can help me, and I get it working, how would I make ispconfig auto-chroot the user to their directory? Thanks!
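
Added example, not part of the original post or the howto: the `(0xffffe000)` errors above come from `awk '{ print $3 }'` picking up the load address on the `linux-gate.so.1` line of `ldd` output, which has no file path. The sketch below filters `ldd` output down to real absolute paths before copying; the sample `ldd` output is constructed (only `0xffffe000` is taken from the error messages), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample of 32-bit ldd output. Only the linux-gate address
# comes from the error messages in the post; the rest is illustrative.
sample_ldd() {
cat <<'EOF'
    linux-gate.so.1 =>  (0xffffe000)
    libncurses.so.5 => /lib/libncurses.so.5 (0xb7f2c000)
    libdl.so.2 => /lib/tls/i686/cmov/libdl.so.2 (0xb7f28000)
    libc.so.6 => /lib/tls/i686/cmov/libc.so.6 (0xb7df9000)
    /lib/ld-linux.so.2 (0xb7f7b000)
EOF
}

# What the loop in the post does: take field 3 unconditionally.
# For linux-gate.so.1 that field is the address, not a file.
naive_libs() { awk '{ print $3 }'; }

# Keep only absolute paths: the target of "=>" when it is a path,
# or field 1 for the dynamic loader line, which has no "=>".
lib_paths() {
    awk '$2 == "=>" && $3 ~ /^\// { print $3; next }
         $1 ~ /^\//               { print $1 }'
}

# Copy each listed library into the jail root given as $1.
# Paths are quoted and anything that is not a regular file is skipped.
copy_libs() {
    jail=$1
    while IFS= read -r lib; do
        [ -f "$lib" ] || continue
        mkdir -p "$jail$(dirname "$lib")" && cp -p "$lib" "$jail$lib"
    done
}

# Run with the argument "demo" to compare both parsers on the sample.
if [ "${1:-}" = "demo" ]; then
    echo "naive:"; sample_ldd | naive_libs
    echo "fixed:"; sample_ldd | lib_paths
fi
```

On a real system the pipeline would be `ldd "$prog" | lib_paths | copy_libs "$jail"` for each program placed in the jail.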
     
  5. till

    till Super Moderator Staff Member ISPConfig Developer

    You do not have to run the ssh chrooting script as this is all handled by ISPConfig. Just enable chrooting in /home/admispconfig/ispconfig/lib/config.inc.php and every new or updated user will be chrooted when your SSH daemon supports chrooting.
     
  6. mrdek11

    mrdek11 New Member

    Why did you tell me I needed to recompile my ssh to enable chrooting if ispconfig handles it?

    Also, I enabled it in that conf file, and nothing happened. I added/updated my users and they can still see the entire system.
     
  7. till

    till Super Moderator Staff Member ISPConfig Developer

    Because you first have to recompile SSH before you can enable it in ISPConfig.
     
  8. mrdek11

    mrdek11 New Member

    Alright... How would I go about doing that? I thought that's what I was doing in the chroot ssh howto..
     
  9. till

    till Super Moderator Staff Member ISPConfig Developer

    1) Recompile SSH as described in the howto. What you did above and what caused you the error is that you tried to chroot a user account manually.

    2) Enable chrooting in ISPConfig and make sure that you restarted your SSH server.

    3) Update a user account or create a new one. Then check if a dot has been inserted in the home path of the user in /etc/passwd.
     
