Date: Tue, 19 Dec 2000 12:59:47 -0500 (EST)
From: "Nathan Vidican" <webmaster@wmptl.com>
To: "Jason Halbert" <res02jw5@gte.net>
Cc: questions@freebsd.org
Subject: Re: FTP only user
Message-ID: <200012191759.MAA98012@mail2.wmptl.com>

> Hi everyone:
>
> I need to create a user that has very restricted access to the system.
> I need to allow access to my ftp to a lot of people but these people
> don't need access to telnet or ssh or any other service on my box. I
> would like to limit the user that way, as well as another way. I
> would also like to limit the user in what they can see. Is it
> possible to not allow the user to cd out of its home directory? I
> don't want them seeing anything outside of that dir if possible.
>
> Any ideas on how to get started?
>
> Thanks in Advance
>
> ---
> -------------------------------------------------------
> | Jason P. Halbert                 | res02jw5@gte.net |
> | Transmitter Maintenance Engineer | DALnet: Push^Pop |
> | KC5WEG                           | ICQ#: 86637300   |
> | KDAF-TV WB 33                    | (214) 252-3300   |
> | KDTX-TV 58                       | (972) 399-0058   |
> -------------------------------------------------------
> |          Fortune favors the well prepared.          |
> |                http://jason-n3xt.org                |
> -------------------------------------------------------
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

To limit the users ONLY to their home directory and above, you must simply chroot them. Edit /etc/ftpchroot, add the users (one per line) to this file to accomplish this. If the users don't already exist, I'd highly recommend creating a new group, and assigning all of said users to this group, and then just add that group to /etc/ftpchroot. You might also want to read 'man ftpd', it will tell you about all of this stuff.

As far as limiting the users from being able to telnet/ssh, unfortunately, (as far as I know anyhow), a user must have a valid shell in order for ftpd to authenticate said user. I usually just their login scripts and make them so the user cannot change them so as to log them out immediately if they attempt telnet/rlogin/ssh logins.

Again, highly suggest you try reading the manpage for ftpd, (type in: 'man ftpd' at the command prompt).

--
Nathan Vidican
webmaster@wmptl.com
Windsor Match Plate & Tool Ltd.
http://www.wmptl.com/
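
The check below is an added example, not part of the original message: it lists accounts whose shell ftpd would accept but which no /etc/ftpchroot entry confines. The users, the `ftponly` group and the sample files are constructed; the `@group` line syntax and the match on primary gid as well as the member list are assumptions taken from ftpd(8), so verify them against the man page on your release.

```shell
#!/bin/sh
# Added example: report accounts ftpd would accept but ftpchroot does not confine.
# Usage: unconfined_ftp_users PASSWD GROUP FTPCHROOT SHELLS
unconfined_ftp_users() {
    awk -F: -v gf="$2" -v cf="$3" -v sf="$4" '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
    FILENAME == cf {                           # ftpchroot: "user" or "@group"
        sub(/^[ \t]+/, "", $1); sub(/[ \t].*/, "", $1)
        if ($1 ~ /^@/) cgroup[substr($1, 2)] = 1; else cuser[$1] = 1
        next
    }
    FILENAME == sf { shell[$0] = 1; next }     # shells listed as valid
    FILENAME == gf {                           # group: name:pw:gid:members
        if (!($1 in cgroup)) next
        cgid[$3] = 1                           # assumption: primary gid also matches
        n = split($4, m, ","); for (i = 1; i <= n; i++) cuser[m[i]] = 1
        next
    }
    # passwd: name:pw:uid:gid:gecos:home:shell
    ($7 in shell) && !($1 in cuser) && !($4 in cgid) { print $1 }
    ' "$3" "$4" "$2" "$1"
}

# Constructed sample data (hypothetical users and group), not from the original mail.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' \
        'alice:*:1001:1001:Alice:/home/alice:/bin/sh' \
        'bob:*:1002:1002:Bob:/home/bob:/bin/sh' \
        'carol:*:1003:2000:Carol:/home/carol:/bin/sh' \
        'dave:*:1004:1004:Dave:/home/dave:/bin/sh' \
        'erin:*:1005:1005:Erin:/home/erin:/sbin/nologin' > "$d/passwd"
    printf '%s\n' \
        'ftponly:*:2000:bob' \
        'staff:*:20:dave' > "$d/group"
    printf '%s\n' '# chrooted FTP accounts' 'alice' '@ftponly' > "$d/ftpchroot"
    printf '%s\n' '/bin/sh' '/bin/csh' > "$d/shells"
    unconfined_ftp_users "$d/passwd" "$d/group" "$d/ftpchroot" "$d/shells"
    rm -rf "$d"
}
demo
```

On a live system, pass /etc/passwd, /etc/group, /etc/ftpchroot and /etc/shells; the script does not consult /etc/ftpusers, so accounts already denied there still appear in the output.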