Lock users into their /home dir

nurvox

Member
Jun 2, 2007
6
0
151
Hello,

I am having trouble locking users into their own directory's so they are unable to browse through the server.

I only want the user to be able to browse their own files, not anything on the server.

Is there anyway to set this up? (tried google'ing it, no luck)

Cheers,

Piers
 

jayh38

Well-Known Member
Mar 3, 2006
1,212
0
166
Why do you think they are browsing the entire server? The only way this is possible by providing root access to each account.

Perhaps you are logging into a cpanel with root password and seeing the dropdown list for all domains?
 

nurvox

Member
Jun 2, 2007
6
0
151
Sorry, I should have been clearer on my previous post. When a user logs into their account via FTP, they are able to go "up a level" and browse all the dir's apart from other users, but they can see files on the server. I would like to lock users to their own directorys so they are unable to go "up a level" etc.

I have tried this from different account types only using their details to login, not the root login.

Thanks

Piers.
 
Last edited:

nurvox

Member
Jun 2, 2007
6
0
151
Hi, thank you for the fast reply.

I think it was SFTP, port 21 wouldnt work for some reason so i tried 22, would this make it sftp?

Thanks,

Piers

ps: sorry for my ignorance.
 

yapluka

Well-Known Member
Dec 24, 2003
301
1
168
France
cPanel Access Level
Root Administrator
Yes, port 22 is the default SSH port.
Default cpanel shell now gives SFTP access, even when the user doesn't have shell access.

FTP is chrooted to the /home/user/ folder only, SFTP is jailshelled and has more access. If your server is properly secured, this shouldn't be a problem.
 

nurvox

Member
Jun 2, 2007
6
0
151
Thank you again for a fast reply,

The server is secure (hopefuly), users should be using port 21 to access their ftp's shouldnt they?

Thank you,

Piers
 

yapluka

Well-Known Member
Dec 24, 2003
301
1
168
France
cPanel Access Level
Root Administrator
FTP default port is 21 and SSH (SFTP) is 22.
If you don't want your customers to use SFTP, you can change the SSH port in /etc/ssh/ssh_config (don't forget to open the new port in your firewall if you have one).
This is the easiest way to prevent SFTP access, the most efficient being to disable password authentication and allow pubkey only authentication.
 

nurvox

Member
Jun 2, 2007
6
0
151
How can i disable password authentication and allow pubkey only authentication? I think that is the best option.

Thanks,

Piers :)
 

eNetHosts

Well-Known Member
Apr 21, 2007
191
0
166
It shouldn't really matter if they can go up a level because it's only the files and directories that are relevant to their account that they will see.

They should drop into /home anyway and then go to public_html to do whatever they need to.
 

yapluka

Well-Known Member
Dec 24, 2003
301
1
168
France
cPanel Access Level
Root Administrator
In Your WHM >> Security Center >> SSH Password Auth Tweak
You can create and manage the keys in WHM >> Manage SSH Keys
 

jayh38

Well-Known Member
Mar 3, 2006
1,212
0
166
Do take Yapluka's advice and change your ssh port at the very least.
 

nurvox

Member
Jun 2, 2007
6
0
151
thanks for the help.

looking into these key thing atm, although getting a bit confused.