Limit ftp directory when SFTP

5 posts / 0 new
Topic locked
Last post
#1 Mon, 03/10/2014 - 05:19
guistack

Limit ftp directory when SFTP

Hi ,

i'm refering to How can I prevent FTP Users from Browsing the Entire Filesystem? in https://www.virtualmin.com/documentation/security/faq

It seems no work when i'm conect in SFTP , is it normal ?! How can i achieve it with an SFTP conexion ?

thanks, Jess

Mon, 03/10/2014 - 07:41
Locutus

SFTP uses file transfer via SSH, and thus falls under the same category as SSH in terms of "restrict directory visibility". Short answer: It can be done, but it requires lots of fiddling with jails and changeroot environments and specially crafted shells.

Large hosting companies usually do that, but Virtualmin is not really prepared for it. So you'd have to set this up manually, and it's recommended to try that only if you're very well-versed with the intricacies of your respective Linux distro. :)

Also note that, if this is a security consideration, there are other ways to browse the whole filesystem than SFTP. The webspace customer could e.g. simply upload a PHP-based file browser, and it's quite hard to prevent PHP from traversing the file system. At least not without severely restricting its functionality, possibly rendering other sites unusable.

Mon, 03/10/2014 - 08:47
andreychek

Howdy,

In addition to what Locutus mentioned, there's some documentation on those issues here in the security FAQ:

https://www.virtualmin.com/documentation/security/faq

Mon, 03/10/2014 - 09:57
jimdunn

Or you could use FTPeS (mod_tls):

http://www.virtualmin.com/node/29262

: )

Mon, 03/10/2014 - 13:00
guistack

thanks for great answers, i'm gona thinking to FTPES so

thanks Jess

Topic locked