Have you added connection tracking? If not, you need to edit the file /etc/sysconfig/iptables-config and add the ftp-specific connection tracking module to IPTABLES_MODULES
Have you fixed up the SELinux contexts?
Hello!
I want users in a certain group to be restricted to their home directory. So that they have full access to all files and folders in their home directory but the cant go to any directory above.
Does anyone know how to do this?
Anders (1 Reply)
Hi
I want to know which profile will be called when a user without home directory is created.
When I created a user without home directory(by setting in /etc/default/useradd), the user is able to login directly into the main "/" folder but with only read permissions.
Thanks
naina (3 Replies)
Hi,
I am looking for a shell script (or any other way), that puts a user in a home directory jail. So for example, I have a user named richard and I don't want him wandering outside /usr/users/richard. I don't want him to cd to anywhere including cd ..
Somebody said you can do that with... (3 Replies)
I'm using HPUX 11i. The other day a user logon to the workstation and was not able to find the /home/directory (tom is the directory) I login myself and it is the same thing.
The home directory is on the server, so I was thinking of using sam to map it again. does anyone know how to do it... (5 Replies)
Hi,
I am using Red Hat Enterprise Linux ES release 4 (Nahant Update 5). Here I have created one user with /sbin/nologin shll such that login is not possible only ftp is possible. But I want to do another thing that the user can not roam around after ftp.
I had tried one way.
in... (4 Replies)
Hi Guys,
I have a problem with configuring a server. this is a solaris 10 with sparc platform.
I have setup so that the server is Authenticating through NIS but I dont want the server to Mount the Home directories. The users need to logged in through the CDE/display.
I have over 200 users... (2 Replies)
Hey guys,
Hmm.. I'm not quite sure where to open this. If any mod thinks this is not the place, please move it to wherever its suited :)
So,
I want to allow some trusted users to scp files into my server (to an specific user), but I do not want to give these users a home, neither ssh... (1 Reply)
Hello,
I must close ssh users to the home directory.
It means the users musn't see anything inside their home directory.
For example after login to the os and type this command "cd .."
or "cd /" it musn't work.
How can I implement it?
(Probably chroot or rootsh but how?) (1 Reply)
In generally I use vsftp but I want to improve our security so I decide to use sftp instead of vsftp.
We know that ssh,scp and sftp are in openssh server.
How can I lock only sftp user to their home folder? And to prevent some users for sftp like root as such in vsftp daemon? (3 Replies)
Hi,
I have created a shared directory on /home, where all users on a certain group have read, write and execute permissions.
I did this using
chmod -R g+rwx /home/shared/
The problem is, when a particular user creates a directory within /home/shared, other users are not able to write to... (8 Replies)
Discussion started by: lost.identity
8 Replies
LEARN ABOUT OPENSOLARIS
ftpd_selinux
ftpd_selinux(8) ftpd SELinux policy documentation ftpd_selinux(8)NAME
ftpd_selinux - Security-Enhanced Linux policy for ftp daemons.
DESCRIPTION
Security-Enhanced Linux provides security for ftp daemons via flexible mandatory access control.
FILE_CONTEXTS
SELinux requires files to have a file type. File types may be specified with semanage and are restored with restorecon. Policy governs the
access that daemons have to files.
Allow ftp servers to read the /var/ftp directory by adding the public_content_t file type to the directory and by restoring the file type.
semanage fcontext -a -t public_content_t "/var/ftp(/.*)?"
restorecon -F -R -v /var/ftp
Allow ftp servers to read and write /var/tmp/incoming by adding the public_content_rw_t type to the directory and by restoring the file
type. This also requires the allow_ftpd_anon_write boolean to be set.
semanage fcontext -a -t public_content_rw_t "/var/ftp/incoming(/.*)?"
restorecon -F -R -v /var/ftp/incoming
BOOLEANS
SELinux policy is based on least privilege required and may also be customizable by setting a boolean with setsebool.
Allow ftp servers to read and write files with the public_content_rw_t file type.
setsebool -P allow_ftpd_anon_write on
Allow ftp servers to read or write files in the user home directories.
setsebool -P ftp_home_dir on
Allow ftp servers to read or write all files on the system.
setsebool -P allow_ftpd_full_access on
Allow ftp servers to use cifs for public file transfer services.
setsebool -P allow_ftpd_use_cifs on
Allow ftp servers to use nfs for public file transfer services.
setsebool -P allow_ftpd_use_nfs on
system-config-selinux is a GUI tool available to customize SELinux policy settings.
AUTHOR
This manual page was written by Dan Walsh <dwalsh@redhat.com>.
SEE ALSO selinux(8), ftpd(8), setsebool(8), semanage(8), restorecon(8)dwalsh@redhat.com 17 Jan 2005 ftpd_selinux(8)