Resolved FTP Server problem - Everyone has access to /

Discussion in 'PowerPC Macs' started by user1690, Mar 18, 2014.

  1. user1690, Mar 18, 2014
    Last edited: Mar 18, 2014

    user1690 macrumors regular

    user1690

    Joined:
    Feb 13, 2011
    Location:
    Searching....
    #1
    Hey Guys!

    I'm having a bit of an issue, i need to setup a FTP server.. The setup itself is done but everytime we try to connect we get put to / rather than /Volumes/Fileserver (Which is where i need everyone who connects to goto).

    I have tried creating different accounts (Both admin and standard) to see if it made a difference but it doesnt. Everyone who connects with the logins i gave had full access to the root of the boot drive rather than the fileserver drive even though i had the fileserver drive set to be the only shared volume. I even tried moving the user folders (In the proper way) to the fileserver drive, to no avail.

    Any assistance would be appreciated. :D
     
  2. 128keaton macrumors 68020

    128keaton

    Joined:
    Jan 13, 2013
    #2
    It sounds like you need to outline the drive permissions. In Finder you can right click on the folders you want to disallow. But, If you wanted to make things easier, get (if PPC) Leopard Server, its nice since it has individual user control.
     
  3. user1690 thread starter macrumors regular

    user1690

    Joined:
    Feb 13, 2011
    Location:
    Searching....
    #3
    Disallowing all users access to the drive but me does nothing :( Everyone still gets connected to /
     
  4. 128keaton macrumors 68020

    128keaton

    Joined:
    Jan 13, 2013
    #4
    Odd. Well, I've never had much luck with FTP, so you might want to wait for someone who has more experience reply.
     
  5. user1690 thread starter macrumors regular

    user1690

    Joined:
    Feb 13, 2011
    Location:
    Searching....
    #5
    Odd indeed!

    I resolved the problem however by simply downloading pureftpd :D
    (http://jeanmatthieu.free.fr/pureftpd/)

    Thanks for your assistance too! :D
     
  6. AmestrisXServe macrumors 6502

    Joined:
    Feb 6, 2014
    #6
    o my knowledge, even with pureftpd, users will be able to read / , including /Volumes, and anything in a path beneath their local root. I use Apple Server Admin, and while I can set a user to view their local directory on login, without a lot of chroot work, users can walk the filesystem.

    I can't manage to build the latest jailkit release (via Macports), due to problems building python26, and python27; nor do I have any user documentation for jailkit on OSX. I do have all the Debian documentation that I could desire, but some basic differences between Linux and OSX make a lot of that useless.

    Apple really should have included a jail function in the kernel, ala FreeBSD. To have true, safe, SSH and FTP systems, you need to run a VM on the top of OSX, and use that VM for your hosting environment; else, keep all datum on volumes other than /, and use disk images for each account. This doesn't prevent filesystem walking entirely, but it does allow you to have AFP/SMB shares, that all users can't browse indiscriminately.

    The key thing to remember, is that all access above a user directory is available, and some paths must be readable, such as /Volumes, for *Nix filesystems to work at all. That is what makes jailing a user so bloody difficult.

    You may also want to install scponly, which is a shell for scp access, if you have users that you want to permit to transfer datum, but not see the filesystem. If they do not need a full shell, scponly may work for you, and is far more secure than ftp.
     
  7. user1690 thread starter macrumors regular

    user1690

    Joined:
    Feb 13, 2011
    Location:
    Searching....
    #7
    Well, pureftpd has definitely resolved my problem. I just tried it, attempting to access the root directory is now impossible for any connected user, even me. All that happens is, is the program/client we're using ads a .../ onto the directory structure but the directory actually doesnt change. So, i'm happy with that. :D
     
  8. AmestrisXServe macrumors 6502

    Joined:
    Feb 6, 2014
    #8
    Interesting: I wasn't aware that pureftpd created a chroot jail. That doesn't solve SSH related jail problems, but it does make the toolkit more useful than the standard ftpd.
     

Share This Page