Date:      30 Jun 1999 13:34:06 -0400
From:      Chris Shenton <cshenton@uucom.com>
To:        Jorge Biquez <jbiquez@icsmx.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Freebsd for ISP Resources.
Message-ID:  <lf3dz98uep.fsf@Samizdat.uucom.com>
In-Reply-To: Jorge Biquez's message of "Wed, 30 Jun 1999 08:35:40 +0000"
References:  <3.0.6.32.19990630083540.008d4310@intranet.com.mx>

On Wed, 30 Jun 1999 08:35:40 +0000, Jorge Biquez <jbiquez@icsmx.com> said:

Jorge> I haven't given FTP access to other users but me there because I
Jorge> don't know how to restrict space to FTP users and restrict them
Jorge> to their directory only. I know this is something basic but at
Jorge> least to me that came from other OS has been a hard change.


I can help with this; it took me half a day to find how to do it for
an ISP I support. Same problem: users were cruising each other's
directories via ftp.  After I hacked and slashed the ftp daemon code's
#defines, here's what we finally found that's much easier :-)

From "man ftpd":

       5.   If the user name appears in the file /etc/ftpchroot, or the
	    user is a member of a group with a group entry in this file,
	    i.e. one prefixed with `@', the session's root will be changed
	    to the user's login directory by chroot(2) as for an
	    ``anonymous'' or ``ftp'' account (see next item).  This facil-
	    ity may also be triggered by enabling the boolean "ftp-chroot"
	    capability in login.conf(5).  However, the user must still
	    supply a password.  This feature is intended as a compromise
	    between a fully anonymous account and a fully privileged ac-
	    count.  The account should also be set up as for an anonymous
	    account.

The man page for login.conf doesn't say specifically how to do this,
but eventually, I figured it out. Specify the "ftp-chroot" as a
termcap-style flag (no numeric/string value) for the "default" user.
Ours looks like the following, see the last line:

    default:\
	    :copyright=/etc/COPYRIGHT:\
	    :welcome=/etc/motd:\
	    :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,EDITOR=/usr/bin/ee:\
	    :path=~/bin /bin /usr/bin /usr/local/bin:\
	    :manpath=/usr/share/man /usr/local/man:\
	    :nologin=/etc/nologin:\
	    :cputime=unlimited:\
	    :datasize=unlimited:\
	    :stacksize=unlimited:\
	    :memorylocked=unlimited:\
	    :memoryuse=unlimited:\
	    :filesize=unlimited:\
	    :coredumpsize=unlimited:\
	    :openfiles=unlimited:\
	    :maxproc=unlimited:\
	    :priority=0:\
	    :ignoretime@:\
	    :umask=022:\
	    :ftp-chroot:


Jorge> Could you give me your advice on resources to learn this?.  Or
Jorge> maybe do you have the book and would you like to sell it to me?
Jorge> ;)

The FreeBSD handbook is excellent, though not specific to ISPs. Others
have mentioned the freebsd-isp mailing list.  Lots of great O'Reilly
books on sysadm but nothing specific to FreeBSD.  Probably freebsd-isp
is the best place; and search the archives on www.freebsd.org.

Later.
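
Added example, not part of the original message: a Python audit of which FTP logins would be chrooted under the ftpd rule quoted above (user name or @group listed in /etc/ftpchroot, or the boolean ftp-chroot flag in the user's login class). The function names and the sample file contents are constructed for illustration; `#` comment handling is an assumption, and `tc=` inheritance in login.conf is not followed.

```python
# Added example: which FTP logins would ftpd chroot, per the man page rule above?
# File contents below are constructed samples, not taken from a real host.

def ftpchroot_entries(text):
    """Return (users, groups) named in /etc/ftpchroot-style text."""
    users, groups = set(), set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment
            continue
        name = line.split()[0]
        if name.startswith("@"):              # '@' prefix marks a group entry
            groups.add(name[1:])
        else:
            users.add(name)
    return users, groups

def class_has_flag(login_conf, cls, flag="ftp-chroot"):
    """True if login class `cls` sets the boolean `flag` (no value attached)."""
    folded = login_conf.replace("\\\n", "")   # join backslash-continued lines
    for record in folded.splitlines():
        if not record.strip() or record.lstrip().startswith("#"):
            continue
        fields = [f.strip() for f in record.split(":")]
        if cls in fields[0].split("|"):
            # "flag" alone enables it; "flag@" does not match, so it stays off.
            # Simplification: tc= inheritance is not followed.
            return flag in fields[1:]
    return False

def is_chrooted(user, user_groups, cls, ftpchroot, login_conf):
    """Apply the rule: listed by name, by @group, or via the login class flag."""
    users, groups = ftpchroot_entries(ftpchroot)
    return (user in users or bool(groups & set(user_groups))
            or class_has_flag(login_conf, cls))

SAMPLE_FTPCHROOT = "# constructed sample\nalice\n@webcust\n"
SAMPLE_LOGIN_CONF = (
    "default:\\\n\t:umask=022:\\\n\t:ftp-chroot:\n"
    "staff:\\\n\t:umask=022:\\\n\t:ftp-chroot@:\n"
)

if __name__ == "__main__":
    for user, grps, cls in [("alice", ["users"], "staff"), ("bob", ["webcust"], "staff"),
                            ("carol", ["wheel"], "staff"), ("dave", ["users"], "default")]:
        print(user, is_chrooted(user, grps, cls, SAMPLE_FTPCHROOT, SAMPLE_LOGIN_CONF))
```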

