Date:      Tue, 19 Dec 2000 12:59:47 -0500 (EST)
From:      "Nathan Vidican" <webmaster@wmptl.com>
To:        "Jason Halbert" <res02jw5@gte.net>
Cc:        questions@freebsd.org
Subject:   Re: FTP only user
Message-ID:  <200012191759.MAA98012@mail2.wmptl.com>



> Hi everyone:
> 
> I need to create a user that has very restricted access to the system.
> I need to allow access to my ftp to a lot of people but these people
> don't need access to telnet or ssh or any other service on my box.  I
> would like to limit the user that way, as well as another way.  I
> would also like to limit the user in what they can see.  Is it
> possible to not allow the user to cd out of its home directory?  I
> don't want them seeing anything outside of that dir if possible.
> 
> Any ideas on how to get started?
> 
> Thanks in Advance
> 
> ---
> -------------------------------------------------------
> | Jason P. Halbert                 | res02jw5@gte.net |
> | Transmitter Maintenance Engineer | DALnet: Push^Pop |
> | KC5WEG                           | ICQ#: 86637300   |
> | KDAF-TV WB 33                    | (214) 252-3300   |
> | KDTX-TV 58                       | (972) 399-0058   |
> -------------------------------------------------------
> |         Fortune favors the well prepared.           |
> |               http://jason-n3xt.org                 |
> -------------------------------------------------------
> 
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 
> 

To limit the users ONLY to their home directory and above, you must 
simply chroot them. Edit /etc/ftpchroot, add the users (one per line) 
to this file to accomplish this.
   If the users don't already exist, I'd highly recommend creating a 
new group, and assigning all of said users to this group, and then just 
add that group to /etc/ftpchroot. You might also want to read 'man 
ftpd', it will tell you about all of this stuff.
   As far as limiting the users from being able to telnet/ssh, 
unfortunately, (as far as I know anyhow), a user must have a valid 
shell in order for ftpd to authenticate said user. I usually just their 
login scripts and make them so the user cannot change them so as to log 
them out immediately if they attempt telnet/rlogin/ssh logins.
  Again, highly suggest you try reading the manpage for ftpd, (type 
in: 'man ftpd' at the command prompt).

-- 
Nathan Vidican
webmaster@wmptl.com
Windsor Match Plate & Tool Ltd.
http://www.wmptl.com/
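
Added example, not part of the original message or of FreeBSD: a Python audit that reads the contents of /etc/ftpchroot, /etc/group, /etc/passwd and /etc/shells and reports, per account, whether ftpd would chroot it and whether its shell is listed in /etc/shells (the valid-shell requirement the reply mentions). The file contents and account names are constructed, and treating a user's primary gid as membership of an `@group` entry is an assumption to confirm against ftpd(8) on your release.

```python
# Added example; every file body below is constructed, names are hypothetical.
FTPCHROOT = "# a login name, or @group for a whole group\nalice\n@ftponly\n"
GROUP = "wheel:*:0:root\nftponly:*:2000:bob\n"
PASSWD = """\
root:*:0:0:Charlie &:/root:/bin/csh
alice:*:1001:1001:Alice:/home/alice:/bin/sh
bob:*:1002:1002:Bob:/home/bob:/bin/sh
carol:*:1003:2000:Carol:/home/carol:/sbin/nologin
dave:*:1004:1004:Dave:/home/dave:/bin/sh
"""
SHELLS = "/bin/sh\n/bin/csh\n"


def entries(text):
    """Yield the first field of each non-blank, non-comment line."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            yield line.split()[0]


def audit(ftpchroot, group, passwd, shells):
    """Return {login: (chrooted, shell_listed)} for every passwd entry."""
    wanted = set(entries(ftpchroot))
    names = {e for e in wanted if not e.startswith("@")}
    gids, members = set(), set()
    for line in group.splitlines():
        f = line.split(":")
        if len(f) >= 4 and "@" + f[0] in wanted:
            gids.add(f[2])  # assumption: primary gid counts as membership
            members.update(m for m in f[3].split(",") if m)
    valid = set(entries(shells))
    report = {}
    for line in passwd.splitlines():
        f = line.split(":")
        if len(f) != 7:  # skip malformed or comment lines
            continue
        login, gid, shell = f[0], f[3], f[6]
        chrooted = login in names or login in members or gid in gids
        report[login] = (chrooted, shell in valid)
    return report


if __name__ == "__main__":
    for login, (chrooted, shell_ok) in audit(FTPCHROOT, GROUP, PASSWD, SHELLS).items():
        print(f"{login:6} chrooted={chrooted!s:5} shell_in_etc_shells={shell_ok}")
```

In the sample data, `dave` has a listed shell but no chroot entry, and `carol` is covered by the group entry but her shell is not in the shells list.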

