From: Chris Shenton
To: Jorge Biquez
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Freebsd for ISP Resources.
Date: 30 Jun 1999 13:34:06 -0400

On Wed, 30 Jun 1999 08:35:40 +0000, Jorge Biquez said:

Jorge> I haven't given FTP access to other users but me there because I
Jorge> don't know how to restrict space to FTP users and restrict them
Jorge> to their directory only. I know this is something basic but at
Jorge> least to me that came from other OS has been a hard change.

I can help with this; it took me half a day to find how to do it for
an ISP I support. Same problem: users were cruising each other's
directories via ftp. After I hacked and slashed the ftp daemon code's
#defines, here's what we finally found that's much easier :-)

From "man ftpd":

     5.   If the user name appears in the file /etc/ftpchroot, or the
          user is a member of a group with a group entry in this file,
          i.e. one prefixed with `@', the session's root will be changed
          to the user's login directory by chroot(2) as for an
          ``anonymous'' or ``ftp'' account (see next item). This
          facility may also be triggered by enabling the boolean
          "ftp-chroot" capability in login.conf(5). However, the user
          must still supply a password. This feature is intended as a
          compromise between a fully anonymous account and a fully
          privileged account. The account should also be set up as for
          an anonymous account.

The man page for login.conf doesn't say specifically how to do this,
but eventually, I figured it out. Specify the "ftp-chroot" as a
termcap-style flag (no numeric/string value) for the "default" user.
Ours looks like the following, see the last line:

    default:\
            :copyright=/etc/COPYRIGHT:\
            :welcome=/etc/motd:\
            :setenv=MAIL=/var/mail/$,BLOCKSIZE=K,EDITOR=/usr/bin/ee:\
            :path=~/bin /bin /usr/bin /usr/local/bin:\
            :manpath=/usr/share/man /usr/local/man:\
            :nologin=/etc/nologin:\
            :cputime=unlimited:\
            :datasize=unlimited:\
            :stacksize=unlimited:\
            :memorylocked=unlimited:\
            :memoryuse=unlimited:\
            :filesize=unlimited:\
            :coredumpsize=unlimited:\
            :openfiles=unlimited:\
            :maxproc=unlimited:\
            :priority=0:\
            :ignoretime@:\
            :umask=022:\
            :ftp-chroot:

Jorge> Could you give me your advice on resources to learn this? Or
Jorge> maybe do you have the book and would you like to sell it to me?
Jorge> ;)

The FreeBSD handbook is excellent, though not specific to ISPs. Others
have mentioned the freebsd-isp mailing list. Lots of great O'Reilly
books on sysadm but nothing specific to FreeBSD. Probably freebsd-isp
is the best place; and search the archives on www.freebsd.org.

Later.
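
Added example (not part of the original message): a small Python audit of
which login classes actually end up with the boolean "ftp-chroot" capability
described above. It assumes a simplified reading of termcap-style records
(first match wins, "cap@" cancels, "tc=" chains to another class); the sample
file, the "staff" and "news" classes and the function names are constructed.

```python
# Added example: audit which login classes enable ftpd's "ftp-chroot" boolean.
# SAMPLE is constructed for illustration; on a real host read /etc/login.conf.
SAMPLE = r"""
# constructed sample, not a real system's file
default:\
	:umask=022:\
	:ignoretime@:\
	:ftp-chroot:
staff:\
	:ftp-chroot@:\
	:tc=default:
news:\
	:path=/usr/local/news/bin /bin /usr/bin:
"""

def parse_login_conf(text):
    """Return {class_name: [capability fields in file order]}."""
    records, joined = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):            # continuation line: keep joining
            joined += line[:-1]
            continue
        fields = [f.strip() for f in (joined + line).split(":")]
        joined = ""
        caps = [f for f in fields[1:] if f]
        for name in fields[0].split("|"):  # a record may list aliases
            records[name] = caps
    return records

def lookup(records, cls, cap, seen):
    """True if set, False if cancelled with 'cap@', None if never mentioned."""
    if cls in seen or cls not in records:  # unknown class or tc= loop
        return None
    seen.add(cls)
    for field in records[cls]:
        if field == cap:
            return True
        if field == cap + "@":
            return False
        if field.startswith("tc="):        # chain into the referenced class
            hit = lookup(records, field[3:], cap, seen)
            if hit is not None:
                return hit
    return None

def audit(text, cap="ftp-chroot"):
    records = parse_login_conf(text)
    return {c: lookup(records, c, cap, set()) is True for c in records}
```

On the constructed sample only "default" is chrooted: "staff" cancels the
flag before chaining to default, and "news" never chains to default at all.
A False here only covers login.conf; /etc/ftpchroot can still chroot the user.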