I can see too much

Advertisement

padrazo
Guest

I can see too much

i just installed WinSCP for the first time and want to use it rather than ftp to upload stuff from my desktop to my webServer.

Using Win2003 for my Desktop WorkStation
Using Debian Sarge w Apache2 for my Server

Main Problem: when i log into the server I can browse the entire file system
Secondary Problem: I can write to files in
/home/padrazo
but i can not write to files in
/var/www/kingdom/
Tertiary Problem:
I can not log into the server over the internet
i.e. login to zen.padrazo.com fails but logging into my local network IP works just fine.

I know, I need help beyond the scope of your forum, nevertheless any help is appreciated.

Reply with quote

Advertisement

martin
Site Admin
martin avatar
Joined:
Posts:
40,476
Location:
Prague, Czechia

Re: I can see too much

With SFTP you generally have the same permissions as if you were logged in terminal. So if you want to limit your permissions, limit permissions of your account. You may use some chroot tool. but I have never does this before, so I cannot give you advice. You may search the forum, there were some hints from other users posted here.

Reply with quote

driver816
Guest

Re: I can see too much

I have found that WinSCP requires view access to several directories:

\bin, \etc, \lib, \usr

I am able to secure the user data by removing permission for "Other", but WinSCP will not allow logons without all of these trees viewable.

I'm sure the entire tree is not needed. Is there a list of requisite files on the server?

Reply with quote

martin
Site Admin
martin avatar
Joined:
Posts:
40,476
Location:
Prague, Czechia

Re: I can see too much

driver816 wrote:

I'm sure the entire tree is not needed. Is there a list of requisite files on the server?
There is list of required commands. So WinSCP must have access to directories where these commands are located. This is platform-specific, so I cannot give you a list. However this is valid only for SCP. With SFTP WinSCP needs access to SFTP server only. Of course as long as the server itself does not need access to other paths. But it is again platform specific.

Reply with quote

Advertisement

You can post new topics in this forum