From owner-freebsd-stable Sun Jul 2 21: 7:48 2000 Delivered-To: freebsd-stable@freebsd.org Received: from www.svzserv.kemerovo.su (www.svzserv.kemerovo.su [213.184.65.80]) by hub.freebsd.org (Postfix) with ESMTP id 7720437B544 for ; Sun, 2 Jul 2000 21:07:38 -0700 (PDT) (envelope-from eugen@svzserv.kemerovo.su) Received: from svzserv.kemerovo.su (kost.svzserv.kemerovo.su [213.184.65.82]) by www.svzserv.kemerovo.su (8.9.3/8.9.3) with ESMTP id MAA25449 for ; Mon, 3 Jul 2000 12:07:33 +0800 (KRAST) (envelope-from eugen@svzserv.kemerovo.su) Message-ID: <396011BC.FF5BC047@svzserv.kemerovo.su> Date: Mon, 03 Jul 2000 12:08:28 +0800 From: Eugene Grosbein Organization: SVZServ X-Mailer: Mozilla 4.7 [en] (Win95; I) X-Accept-Language: ru,en MIME-Version: 1.0 To: freebsd-stable@FreeBSD.ORG Subject: ipfw add 1000 allow log tcp from any to any 21 gid test Content-Type: text/plain; charset=koi8-r Content-Transfer-Encoding: 7bit Sender: owner-freebsd-stable@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hello! I try to implement access limits to my FTP site for some GID. I use recent FreeBSD 3.5-STABLE, standard ftpd and ipfw. /etc/ftpchroot has a record: @test For some reason, I cannot use non-standard ftp servers like ProFTPd etc. Filtering ftp control connection seems to be enough. But it does not work. When I use rule 'allow log tcp from any to any 21 gid test', it does not match packets. It does, however, when I omit 'gid test'. I make ftp connection from another machine as user test, then 'ps -o rgid,command|grep ftpd' says: 2077 1003 ftpd: my.work.station: test: LIST\r\n (ftpd) It's all right, user test has uid 2077, it's primary group is test(gid 1003). But why packets does not match? Eugene Grosbein To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-stable" in the body of the message