The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Lock users into their /home dir

Discussion in 'General Discussion' started by nurvox, Jun 2, 2007.

  1. nurvox

    nurvox Member

    Joined:
    Jun 2, 2007
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Hello,

    I am having trouble locking users into their own directory's so they are unable to browse through the server.

    I only want the user to be able to browse their own files, not anything on the server.

    Is there anyway to set this up? (tried google'ing it, no luck)

    Cheers,

    Piers
     
  2. jayh38

    jayh38 Well-Known Member

    Joined:
    Mar 3, 2006
    Messages:
    1,215
    Likes Received:
    0
    Trophy Points:
    36
    Why do you think they are browsing the entire server? The only way this is possible by providing root access to each account.

    Perhaps you are logging into a cpanel with root password and seeing the dropdown list for all domains?
     
  3. nurvox

    nurvox Member

    Joined:
    Jun 2, 2007
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Sorry, I should have been clearer on my previous post. When a user logs into their account via FTP, they are able to go "up a level" and browse all the dir's apart from other users, but they can see files on the server. I would like to lock users to their own directorys so they are unable to go "up a level" etc.

    I have tried this from different account types only using their details to login, not the root login.

    Thanks

    Piers.
     
    #3 nurvox, Jun 3, 2007
    Last edited: Jun 3, 2007
  4. yapluka

    yapluka Well-Known Member

    Joined:
    Dec 24, 2003
    Messages:
    301
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    France
    cPanel Access Level:
    Root Administrator
    Did you log through FTP or through SFTP ? What you're describing looks more like SFTP...
     
  5. nurvox

    nurvox Member

    Joined:
    Jun 2, 2007
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Hi, thank you for the fast reply.

    I think it was SFTP, port 21 wouldnt work for some reason so i tried 22, would this make it sftp?

    Thanks,

    Piers

    ps: sorry for my ignorance.
     
  6. yapluka

    yapluka Well-Known Member

    Joined:
    Dec 24, 2003
    Messages:
    301
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    France
    cPanel Access Level:
    Root Administrator
    Yes, port 22 is the default SSH port.
    Default cpanel shell now gives SFTP access, even when the user doesn't have shell access.

    FTP is chrooted to the /home/user/ folder only, SFTP is jailshelled and has more access. If your server is properly secured, this shouldn't be a problem.
     
  7. nurvox

    nurvox Member

    Joined:
    Jun 2, 2007
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Thank you again for a fast reply,

    The server is secure (hopefuly), users should be using port 21 to access their ftp's shouldnt they?

    Thank you,

    Piers
     
  8. yapluka

    yapluka Well-Known Member

    Joined:
    Dec 24, 2003
    Messages:
    301
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    France
    cPanel Access Level:
    Root Administrator
    FTP default port is 21 and SSH (SFTP) is 22.
    If you don't want your customers to use SFTP, you can change the SSH port in /etc/ssh/ssh_config (don't forget to open the new port in your firewall if you have one).
    This is the easiest way to prevent SFTP access, the most efficient being to disable password authentication and allow pubkey only authentication.
     
  9. nurvox

    nurvox Member

    Joined:
    Jun 2, 2007
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    How can i disable password authentication and allow pubkey only authentication? I think that is the best option.

    Thanks,

    Piers :)
     
  10. eNetHosts

    eNetHosts Well-Known Member

    Joined:
    Apr 21, 2007
    Messages:
    195
    Likes Received:
    0
    Trophy Points:
    16
    It shouldn't really matter if they can go up a level because it's only the files and directories that are relevant to their account that they will see.

    They should drop into /home anyway and then go to public_html to do whatever they need to.
     
  11. yapluka

    yapluka Well-Known Member

    Joined:
    Dec 24, 2003
    Messages:
    301
    Likes Received:
    1
    Trophy Points:
    18
    Location:
    France
    cPanel Access Level:
    Root Administrator
    In Your WHM >> Security Center >> SSH Password Auth Tweak
    You can create and manage the keys in WHM >> Manage SSH Keys
     
  12. jayh38

    jayh38 Well-Known Member

    Joined:
    Mar 3, 2006
    Messages:
    1,215
    Likes Received:
    0
    Trophy Points:
    36
    Do take Yapluka's advice and change your ssh port at the very least.
     
  13. nurvox

    nurvox Member

    Joined:
    Jun 2, 2007
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    thanks for the help.

    looking into these key thing atm, although getting a bit confused.
     
Loading...

Share This Page