Daniel Ouellet wrote:
quoted text
>> i used ftpd (-4Dln) for users to upload their website(with /etc/ftpchroot
>> configured).
>> My problem, user can see content of others.
>> For example, 2ndxx can update his folder but he can see also the 
>> content of
>> "firstxx" folder.
>> How can i restrict that ?
> 
> Well, you could setup no login in the master.passwd for that user and 
> assign the home directory to their web site folder. They will change 
> root to that and can't get out of it via ftp.
> 

Or use for example PureFTPd which have similar functionality built-in 
and can be used with *SQL or LDAP authentication so there would be no 
need to use actual unix accounts.

That approach works only, however, if the web server isn't set up to run 
  CGI scripts or some scripting language like PHP, in which case it is a 
piece of cake to write a script to look around in apaches entire 
chroot():ed environment.

(I've long wished for a privsep apache with separate chroot():s for 
every virtual domain... one of these days I'm gonna have to look into 
it, but I suppose it's not trivial to implement or someone would have 
done it by now. :-) )


/B

-- 
internetlabbet.se     / work:   +46 8 551 124 80      / "Words must
Benny LC6fgren        /  mobile: +46 70 718 11 90     /   be weighed,
                     /   fax:    +46 8 551 124 89    /    not counted."
                    /    email:  benny -at- internetlabbet.se