Deny directory browsing in a Proftpd / Ubuntu Installation

Question

I used this guide to set up a Proftpd installation an Ubuntu 8.04 server... Works well, but the generic user ( userftp ) can run

ls

and is able to change to any Directory and browse freely on the server ..from the root

and upwards.. I added this line to etc/shells

/bin/false

in hopes that that would prevent this ... I really only want the userftp account to be able to upload to the generic

/home/FTP-Shared

directory, and be able to do nothing else on the server. How is this accomplished ... This is a headless Ubuntu box..and I am using CLI only .. no GUI admin tools

score 1 · Accepted Answer · answered Mar 24 '10 at 19:18

1

Have you considered chrooting proftpd into /home/FTP-Shared? Then it can't access anything outside of there.

answered Mar 24 '10 at 19:18

Cry Havok

1,845
13
10

Thanks, that was a helpful start...posting full solution below. – CaseyIT Mar 25 '10 at 11:27

score 1 · Answer 2 · answered Mar 25 '10 at 10:07

1

Cry Havok is correct, you will have to set up chrooting. Also, the /bin/false will restrict the user from ssh'ing to the box. It has nothing to do with the ftp behaviour itself.

answered Mar 25 '10 at 10:07

Iraklis

488
1
6
14

score 1 · Answer 3 · answered Mar 25 '10 at 11:31

1

To achieve this, all I had to do was uncomment this line :

DefaultRoot                     ~

from this file:

/etc/proftpd/proftpd.conf

and then run

sudo /etc/init.d/proftpd restart

answered Mar 25 '10 at 11:31

CaseyIT

427
3
8
14

Deny directory browsing in a Proftpd / Ubuntu Installation

3 Answers3