The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Restricting directory visibility for pure ftpd

Discussion in 'General Discussion' started by azirus, Sep 22, 2010.

  1. azirus

    azirus Registered

    Joined:
    Sep 22, 2010
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Hy,

    i have problem with pure ftpd, my users can view my root directory.

    how to restrict directory visibility for my users, to view only own /home directory.

    Thanks
     
  2. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    By default, this should not be allowed. Each FTP user should be "caged" in his own home directory. What is the value of the following directive in /etc/pure-ftpd.conf on your server?

    Code:
    # Cage in every user in his home directory
    
    ChrootEveryone yes
    If this is on, each cPanel account user should only be able to traverse that account's home directory when logged in via FTP.
     
  3. azirus

    azirus Registered

    Joined:
    Sep 22, 2010
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    This is configuration in mu etc/pure-ftpd.conf file:

    # Cage in every user in his home directory

    ChrootEveryone yes

    every user can view my root files , but can`t edit them.
     
  4. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Please submit a ticket

    This should not be happening in a default cPanel configuration of Pure-FTPd. Please submit a ticket so that we may investigate this directly, because what you describe is an unusual situation and should not be happening.
     
  5. azirus

    azirus Registered

    Joined:
    Sep 22, 2010
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    I solve the problem :)... Thanks...
     
  6. cPanelJared

    cPanelJared Technical Analyst
    Staff Member

    Joined:
    Feb 25, 2010
    Messages:
    1,842
    Likes Received:
    18
    Trophy Points:
    38
    Location:
    Houston, TX
    cPanel Access Level:
    Root Administrator
    Do you mind sharing what you did to solve the problem? Sharing may help other users in the future who may encounter the same issue.
     
  7. zerpex

    zerpex Member

    Joined:
    Oct 17, 2011
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I'm facing same problem, ChrootEveryone yes is set in the pure-ftpd.conf file in the etc folder.. I've been trying to find a solution the last few weeks, then I found this.. with no solution..

    I'll make a ticket.
     
  8. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    Please post the ticket number upon submitting one so we can ensure the solution is posted to this thread this time for future reference.
     
  9. argamak

    argamak Member

    Joined:
    Sep 2, 2011
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Seems like nobody is interested in sharing...
     
  10. rhamie

    rhamie Member

    Joined:
    May 29, 2013
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I am having same problem with pure-ftpd

    # Cage in every user in his home directory
    ChrootEveryone yes

    Any way out of this.
     
  11. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,724
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    Are you sure the user is able to view directories outside of their own home directory? For example, what files can they access? Also, are you positive they are using FTP and not SFTP?

    Thank you.
     
  12. rhamie

    rhamie Member

    Joined:
    May 29, 2013
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thanks for the prompt response.
    They are actually using SFTP with Filezilla and yes I am sure they are.
    /etc (with other root folders) and infact able to download but not upload.

    What do you say i do?
     
    #12 rhamie, May 31, 2013
    Last edited: May 31, 2013
  13. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,724
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
    This is normal behavior for SFTP. SFTP uses a shell environment and access is only granted to the cPanel account username. Access to SFTP is not granted to virtual FTP accounts that are created via the "FTP Accounts" option within cPanel. With SFTP, users can browse to higher level directories. However, they are not able to modify or view the contents of any files they do not have access to. This is similar to how jailshell works for SSH access. If you prefer to disable SFTP for the entire server, you can modify the following file:

    Code:
    # /etc/ssh/sshd_config
    Within this file, comment out the following line:

    Code:
    Subsystem sftp /usr/libexec/openssh/sftp-server
    Once you save the file, you can restart SSH to ensure the change takes effect.

    Code:
    # service sshd restart
    Thank you.
     
  14. rhamie

    rhamie Member

    Joined:
    May 29, 2013
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    Thanks,

    I have to keep SFTP as there are no virtual FTP accounts allowed on the network except for cpanel accounts owners.
     
  15. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Joined:
    Apr 11, 2011
    Messages:
    30,724
    Likes Received:
    660
    Trophy Points:
    113
    cPanel Access Level:
    Root Administrator
Loading...

Share This Page