Your best friend for file transfer.

Fetch application logoFetch

Stopping client access to other folders (3 posts)

  • Started 6 years ago by chlowden
  • Latest reply 6 years ago from Scott McGuire
  • chlowden Member

    I have a mac 10.4.11 that I am using for file xfers. I create a user and using apache have the ftp up and running in seconds. Fantastic! My problem is that, once the client has got passed the user password, using the path button, the user can go anywhere he likes, all the way up to the root. Admittedly, he cannot open all the files but he can see everything. Naturally, what I want is for the client to be restricted to the ftp folder that I designate, but I cannot find a way of blocking the curious from being curious. I have tried changing the authorisations, which stop downloads but it does not stop restrict access. Is there a solution?

    Posted 6 years ago #

  • chlowden Member

    I have found the answer and it works thanks to this page:

    http://www.utm.edu/staff/tmartin/second/knowledge%20base/network_macintosh_prevent_ftp_access.htm

    I have copied the page below (plus addeda couple of additions for those of you I like who need all the steps.)

    Controlling FTP

    The FTP sever normally allows remote users to go outside their home folders, but it can be configured to restrict users individually to their own home folders. This configuration requires the use of the Terminal application and the System Administrator (root user) account.
    What to make

    First, you create a text file containing a list of user accounts that you want to restrict. You put the short name of each user account on a separate line, making sure to press return after the last name. For example, the following list restricts user atlas and medusa to their home folders when they log in for FTP access:

    atlas

    medusa

    In addition to restricting FTP access for individual users, you can restrict access for groups of users. For each group that you want to restrict, you simply add a line to the text file consisting of an @ symbol followed by the group name. Because all Mac OS X user accounts belong to the staff group, a file containing the following lines (the last line being blank) restricts all users to their home directories when the log in for FTP access to your computer:

    @staff

    How to use it

    When you save the text file, name it ftpchroot and put it tin your home folder (home folder is your user folder). This file must be plain text. If you want use the TextEdit application to create this file, you must choose Format > Make Plain Text before saving the file. After saving the file, change the file name so that it does not end with .txt (do apple I and erase the txt extension in the name section. Text icon becomes a blank icon)

    Duplicate this file.

    After saving the file ftpchroot in your home folder, use the NetInfo Manager application to enable the root user. Make sure you know the root user's password.

    Next open the Terminal application and type the following command:

    sudo mv ~/ftpchroot /etc

    The ftpchroot file will disappear and will be put in an invisible file called etc (hence why the duplicate, to make it easier to revise)

    Posted 6 years ago #

  • Scott McGuire Administrator

    Hi,

    We're glad you found a solution and thanks for sharing it.

    Best,

    Scott McGuire
    Fetch Softworks

    Posted 6 years ago #

Reply

  • Or nickname, if you prefer.
  • This will be kept confidential.
  • This is to ensure that you’re a person, not a spambot.