Block FTP user to home directory – ProFTP

One day I was given a task in which FTP users needed to be restricted to their home directory only; a user should not be allowed to access the top-level directory. I started configuring vsftpd and tried all the possible ways I could, and I had no success. After a little time searching on Google, I came to know that we also have ProFTPD, which can be used as an FTP server.

This blog is about how to install ProFTPD and configure it in such a way that a user is limited to his home directory only. My host machine is Ubuntu 12.04 LTS.

Step 1: Install proftpd

I will be using the simple package manager which is available on Ubuntu:

aptitude install proftpd

This will install ProFTPD on your machine.

Step 2: Jail user to home directory in proftpd configuration file

Go to the ProFTPD configuration file /etc/proftpd/proftpd.conf and search for the line "DefaultRoot".

This line will be commented out; you just need to remove the comment character (#), so:

Before -> #DefaultRoot                    ~

After  -> DefaultRoot                     ~

NOTE: After DefaultRoot we have the "~" symbol, which stands for the user's home directory. This is the statement which tells proftpd to stop the user from moving up to the top-level directory. Simple 🙂

Step 3: Stop FTP user secure shell access (SSH) 🙂

When a user is created, the shell given to that user is recorded in the /etc/passwd file. The shells which the system can use are listed in /etc/shells.

To block a user from having SSH access, all we need to do is redirect the user to a false shell. 🙂

A) Define a false shell: add the line below to /etc/shells.

/bin/false

B) Edit the shell of the user in /etc/passwd

When a user is created, the entry for that user in /etc/passwd looks like this:

<ftp_user>:x:1001:1001::/usr/local/idsworld:/bin/sh

Change it to

<ftp_user>:x:1001:1001::/usr/local/idsworld:/bin/false

NOTE: If the shell assigned to the user is not listed in the /etc/shells file, then the user will not be able to have any kind of access to the system, including FTP and SSH.

Step 4: Create user

useradd -m ftp_user -d /home/dire/of/ftp_user    # Create user

passwd ftp_user    # Create password

a) -m will create the home directory

b) -d is the location where the home directory will be created. It need not always be under /home
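
To confirm that Steps 2 and 3 took effect, the checks can be scripted. The following is an added example, not part of the original post; the function name audit_ftp_jail and the sample files used in the demo are constructed for illustration.

```sh
#!/bin/sh
# Added example: checks the settings from Steps 2 and 3 for one FTP user.
# Usage: audit_ftp_jail USER [PROFTPD_CONF] [PASSWD_FILE] [SHELLS_FILE]
# Prints one line per check; returns 0 only if every check passes.
audit_ftp_jail() {
    user=$1
    conf=${2:-/etc/proftpd/proftpd.conf}
    passwd=${3:-/etc/passwd}
    shells=${4:-/etc/shells}
    rc=0

    # Step 2: an uncommented "DefaultRoot ~" line must be present.
    if grep -Eq '^[[:space:]]*DefaultRoot[[:space:]]+~([[:space:]]|$)' "$conf"; then
        echo "OK   DefaultRoot ~ is active in $conf"
    else
        echo "FAIL DefaultRoot ~ is missing or commented out in $conf"
        rc=1
    fi

    # Step 3 B: field 7 of the passwd entry is the login shell.
    shell=$(awk -F: -v u="$user" '$1 == u { print $7; exit }' "$passwd")
    if [ "$shell" = /bin/false ]; then
        echo "OK   $user has shell /bin/false"
    else
        echo "FAIL $user has shell '${shell:-none}', expected /bin/false"
        rc=1
    fi

    # Step 3 A: /bin/false must be listed in the shells file (see the NOTE).
    if grep -Fxq /bin/false "$shells"; then
        echo "OK   /bin/false is listed in $shells"
    else
        echo "FAIL /bin/false is not listed in $shells"
        rc=1
    fi
    return "$rc"
}

# Demo on constructed sample files (not real system files): /bin/false is
# deliberately left out of the shells file, so the last check fails.
demo=$(mktemp -d)
printf 'DefaultRoot ~\n' > "$demo/proftpd.conf"
printf 'ftp_user:x:1001:1001::/usr/local/idsworld:/bin/false\n' > "$demo/passwd"
printf '/bin/sh\n' > "$demo/shells"
audit_ftp_jail ftp_user "$demo/proftpd.conf" "$demo/passwd" "$demo/shells" || echo "audit failed"
rm -rf "$demo"
```

Run as root with only the user name, for example audit_ftp_jail ftp_user, to check the real files under /etc.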

If you have any problems, feel free to contact me; I will always be happy to help you out 🙂
