From owner-freebsd-security  Thu Oct 10 11:05:06 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id LAA06801
          for security-outgoing; Thu, 10 Oct 1996 11:05:06 -0700 (PDT)
Received: from www.hsc.wvu.edu (www.hsc.wvu.edu [157.182.105.122])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id LAA06781
          for <freebsd-security@freebsd.org>; Thu, 10 Oct 1996 11:05:00 -0700 (PDT)
Received: (from rjivan@localhost) by www.hsc.wvu.edu (8.6.12/8.6.12) id OAA05229; Thu, 10 Oct 1996 14:07:21 -0400
Date: Thu, 10 Oct 1996 14:07:21 -0400 (EDT)
From: Rajiv Jivan <rjivan@www.hsc.wvu.edu>
To: Antonio Navarro Navarro <hostmaster@bemarnet.es>
cc: freebsd-security@freebsd.org
Subject: Re: Restricted access via FTP
In-Reply-To: <2.2.32.19961010154508.0070ce84@host.bemarnet.es>
Message-ID: <Pine.BSF.3.91.961010140651.5038C-100000@www.hsc.wvu.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Use wu-ftpd  as your ftpd daemon

On Thu, 10 Oct 1996, Antonio Navarro Navarro wrote:

> Hello All !
> 
> I have created a user account named 'username' with 'shell=/nonexistent'
> (telnet access is not allowed), 'group=nogroup' and home directory =
> /home/www/username. The NCSA web server is running under user www (group
> www) and the home directory for the web pages is /home/www. 
> 
> When the user 'username' makes an FTP to the server, is allowed to update
> the files under the directory '/home/www/username' (this files can be viewed
> using a web navigator with the url http://www.bemarnet.es/username) but he
> also is allowed to do a 'cd \' or 'cd ..' and then look all the files in the
> server. 
> 
> How can I deny access to all the directory structure under /home/www/username ?
> 
> Thanks a lot !
> 
>  +-----------------------------------------------------------------------+
>  | Antonio Navarro Navarro                 E-mail: webmaster@bemarnet.es |
>  +-----------------------------------------------------------------------+
>  | BemarNet Management                           Phone : +34-6-165.66.44 |
>  | Makes business easier...         ,,,            Fax : +34-6-165.65.14 |
>  | http://www.bemarnet.es          (o o)                                 |
>  +------------------------------o00-(_)-00o------------------------------+
>  | Have a nice day - Have a nice day - Have a nice day - Have a nice day |
>  +-----------------------------------------------------------------------+
>