Date: 30 Jun 1999 13:34:06 -0400
From: Chris Shenton <cshenton@uucom.com>
To: Jorge Biquez <jbiquez@icsmx.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Freebsd for ISP Resources.
Message-ID: <lf3dz98uep.fsf@Samizdat.uucom.com>
In-Reply-To: Jorge Biquez's message of "Wed, 30 Jun 1999 08:35:40 +0000"
References: <3.0.6.32.19990630083540.008d4310@intranet.com.mx>
On Wed, 30 Jun 1999 08:35:40 +0000, Jorge Biquez <jbiquez@icsmx.com> said:
Jorge> I haven't given FTP access to other users but me there because I
Jorge> don't know how to restrict space to FTP users and restrict them
Jorge> to their directory only. I know this is something basic but at
Jorge> least to me that came from other OS has been a hard change.
I can help with this; it took me half a day to find how to do it for
an ISP I support. Same problem: users were cruising each other's
directories via ftp. After I hacked and slashed the ftp daemon code's
#defines, here's what we finally found that's much easier :-)
From "man ftpd":

     5.   If the user name appears in the file /etc/ftpchroot, or the
          user is a member of a group with a group entry in this file,
          i.e. one prefixed with `@', the session's root will be changed
          to the user's login directory by chroot(2) as for an
          ``anonymous'' or ``ftp'' account (see next item). This
          facility may also be triggered by enabling the boolean
          "ftp-chroot" capability in login.conf(5). However, the user
          must still supply a password. This feature is intended as a
          compromise between a fully anonymous account and a fully
          privileged account. The account should also be set up as for
          an anonymous account.

The man page for login.conf doesn't say specifically how to do this,
but eventually, I figured it out. Specify the "ftp-chroot" as a
termcap-style flag (no numeric/string value) for the "default" user.
Ours looks like the following, see the last line:

default:\
        :copyright=/etc/COPYRIGHT:\
        :welcome=/etc/motd:\
        :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,EDITOR=/usr/bin/ee:\
        :path=~/bin /bin /usr/bin /usr/local/bin:\
        :manpath=/usr/share/man /usr/local/man:\
        :nologin=/etc/nologin:\
        :cputime=unlimited:\
        :datasize=unlimited:\
        :stacksize=unlimited:\
        :memorylocked=unlimited:\
        :memoryuse=unlimited:\
        :filesize=unlimited:\
        :coredumpsize=unlimited:\
        :openfiles=unlimited:\
        :maxproc=unlimited:\
        :priority=0:\
        :ignoretime@:\
        :umask=022:\
        :ftp-chroot:

Jorge> Could you give me your advice on resources to learn this?. Or
Jorge> maybe do you have the book and would you like to sell it to me?
Jorge> ;)
The FreeBSD handbook is excellent, though not specific to ISPs. Others
have mentioned the freebsd-isp mailing list. Lots of great O'Reilly
books on sysadm but nothing specific to FreeBSD. Probably freebsd-isp
is the best place; and search the archives on www.freebsd.org.
Later.
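
An added example, not part of the original message: a POSIX sh check for the two triggers in the ftpd(8) excerpt above (a user or @group entry in /etc/ftpchroot, or the boolean ftp-chroot capability in the user's login class). The function names are made up for this example, file paths are passed as arguments, and tc= inheritance in login.conf is assumed not to be in use.

```shell
#!/bin/sh
# Added example (not from the original message): would ftpd chroot this user?
# Implements the two triggers quoted from ftpd(8). tc= inheritance in
# login.conf is not followed. Paths are arguments so copies can be audited.

# in_ftpchroot FILE USER "GROUP1 GROUP2 ..."
# True if USER, or @GROUP for one of the user's groups, is listed in FILE.
in_ftpchroot() {
    file=$1; user=$2; grps=$3
    [ -r "$file" ] || return 1
    while read -r entry _rest || [ -n "$entry" ]; do
        case $entry in
            ''|'#'*) continue ;;
            @*) for g in $grps; do
                    [ "@$g" = "$entry" ] && return 0
                done ;;
            "$user") return 0 ;;
        esac
    done < "$file"
    return 1
}

# class_has_ftp_chroot FILE CLASS
# True for the boolean ":ftp-chroot:"; ":ftp-chroot@:" (cancelled) is false.
class_has_ftp_chroot() {
    [ -r "$1" ] || return 1
    awk -v class="$2" '
        /^[ \t]*#/ { next }
        {
            line = line $0
            if (sub(/\\[ \t]*$/, "", line)) next   # record continues
            rec = line; line = ""
            split(rec, field, ":")
            n = split(field[1], names, "|")
            for (i = 1; i <= n; i++)
                if (names[i] == class) {
                    found = (rec ~ /:ftp-chroot:/)
                    exit
                }
        }
        END { exit(found ? 0 : 1) }' "$1"
}

# ftp_chroot_applies USER "GROUPS" CLASS FTPCHROOT_FILE LOGIN_CONF
ftp_chroot_applies() {
    in_ftpchroot "$4" "$1" "$2" || class_has_ftp_chroot "$5" "$3"
}
```

On a FreeBSD host this can be called as `ftp_chroot_applies someuser "$(id -Gn someuser)" default /etc/ftpchroot /etc/login.conf`, with `default` replaced by the user's login class. The check reads the text file only; where /etc/login.conf.db exists, rebuild it with `cap_mkdb /etc/login.conf` after editing.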
