Daniel Ouellet wrote:
i used ftpd (-4Dln) for users to upload their website(with /etc/ftpchroot
configured).
My problem, user can see content of others.
For example, 2ndxx can update his folder but he can see also the
content of
"firstxx" folder.
How can i restrict that ?
Well, you could setup no login in the master.passwd for that user and
assign the home directory to their web site folder. They will change
root to that and can't get out of it via ftp.
Or use for example PureFTPd which have similar functionality built-in
and can be used with *SQL or LDAP authentication so there would be no
need to use actual unix accounts.
That approach works only, however, if the web server isn't set up to run
CGI scripts or some scripting language like PHP, in which case it is a
piece of cake to write a script to look around in apaches entire
chroot():ed environment.
(I've long wished for a privsep apache with separate chroot():s for
every virtual domain... one of these days I'm gonna have to look into
it, but I suppose it's not trivial to implement or someone would have
done it by now. :-) )
/B
--
internetlabbet.se / work: +46 8 551 124 80 / "Words must
Benny LC6fgren / mobile: +46 70 718 11 90 / be weighed,
/ fax: +46 8 551 124 89 / not counted."
/ email: benny -at- internetlabbet.se
