Restrict FTP User to a Directory

I am using Solaris 10 on SPARC.

SunOS ddw 5.10 Generic_139555-08 sun4u sparc SUNW,SPARC-Enterprise

I have put some text files in a directory '/u01/network'

I want to create an ftp user which can just read the files in the network directory. The ftp user shouldn't be able to navigate to or see any other directory outside of the network directory.

Please advise.

Change user's home directory to /u01/network:

usermod -d /u01/network ftp_user

Then add:

restricted-uid ftp_user

to /etc/ftpd/ftpaccess file.


bartus11, thanks.

After following your steps, when I try to log in to the ftp server, I receive the following error:

C:\>ftp 193.162.1.1
Connected to 193.162.1.1.
220 ddw FTP server ready.
User (193.162.1.1:(none)): ftp_user
331 Password required for ftp_user.
Password:
530 User ftp_user: can't change directory to /u01/network.

Login failed.
ftp>

The user ftp_user is the owner of the /u01/network directory.

Following are the settings in /etc/passwd:

ftp_user:x:3008:1::/u01/network:/usr/bin/ftp-only

The settings in the /etc/ftpd/ftpaccess:

allow-retrieve relative class=realusers /u01/network

restricted-uid ftp_user

Please advise.

I think there needs to be 755 rights mode on "/u01".

I gave 755 rights on /u01, and it works.

Details are at Pakistan's First Oracle Blog.


Here is the full link to detail:

Pakistan's First Oracle Blog: Restrict FTP User to a Directory in Solaris
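The "530 ... can't change directory" failure in this thread came from a parent directory (/u01) that the FTP account could not traverse. The following check is an added example, not part of the original posts: it walks the ancestors of a home directory and prints each one that lacks search permission for "other". The function names are hypothetical, and it assumes the account is neither owner nor group member of those ancestors.

```shell
# Added example: needs a POSIX shell (on Solaris 10: ksh or /usr/xpg4/bin/sh).
# Assumption: the FTP account is neither owner nor group member of the parent
# directories, so the "other" permission bits decide whether it can pass through.

# Print DIR if "other" lacks search (x) permission on it, or if it cannot be examined.
report_if_blocked() {
    # The 10th character of the ls -l mode string is the "other" execute/search bit.
    case $(ls -ld "$1" 2>/dev/null | cut -c10) in
        x|t) ;;                      # searchable; "t" is sticky bit plus x
        *)   printf '%s\n' "$1" ;;
    esac
}

# Print every ancestor of the absolute path given as $1 that blocks traversal.
# The last component (the home itself) is skipped: in the thread the user owns it.
blocked_ancestors() {
    case $1 in
        /*) ;;
        *)  echo "blocked_ancestors: need an absolute path" >&2; return 2 ;;
    esac
    rest=${1#/}
    cur=
    report_if_blocked /
    while [ -n "$rest" ]; do
        part=${rest%%/*}             # next path component
        case $rest in
            */*) rest=${rest#*/} ;;  # more components follow
            *)   rest= ;;            # this was the last one
        esac
        [ -n "$part" ] || continue   # tolerate doubled slashes
        cur=$cur/$part
        [ -n "$rest" ] || break      # reached the home directory itself
        report_if_blocked "$cur"
    done
    return 0
}

# Run against a path when one is given, e.g. the thread's /u01/network.
if [ "$#" -gt 0 ]; then
    blocked_ancestors "$1"
fi
```

Traversal needs only the search (x) bit on each parent, so a mode such as 711 on /u01 is enough where its listing should stay closed to other accounts.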