From owner-freebsd-doc@FreeBSD.ORG Sat Jun 26 19:52:30 2004
Date: Sat, 26 Jun 2004 22:02:14 +0300
From: Giorgos Keramidas
To: Bill Moran
cc: doc@freebsd.org
Subject: Re: ftp-chroot in login.conf ... doc error?
Message-ID: <20040626190214.GC1016@gothmog.gr>
References: <20040621213819.43df0591.wmoran@potentialtech.com>
In-Reply-To: <20040621213819.43df0591.wmoran@potentialtech.com>
List-Id: Documentation project

On 2004-06-21 21:38, Bill Moran wrote:
> In the man page for ftpd, it states that the user is chrooted if the
> login class has ftp-chroot set ... however, man 5 login.conf doesn't
> seem to mention ftp-chroot anywhere ... It appears as if the login.conf
> man page is supposed to be a comprehensive list of options ...
>
> Is one of these wrong, or am I missing something, or is there a fold
> in the space-time continuum?

Hi Bill,

The option is ftpd(8)-specific and can be disabled at compile-time by
deleting -DLOGIN_CAP from the Makefile in `/usr/src/libexec/ftpd'.
This is probably the rationale behind the current location of the
option's description.

You're right though that we should probably add a description of the
ftpchroot option to login.conf(5) too, but I'm not sure if this
duplication will help so much.  IMHO, if a small description is added
it should probably be something like this:

    ftp-chroot    If your ftpd(8) has been compiled with login.conf(5)
                  support, then you can set this boolean option for a
                  user class to tell ftpd(8) that it should use
                  chroot(2) to restrict the specific class of users in
                  their HOME directory after they have successfully
                  authenticated.

Does this look ok as an addition to login.conf(5)?

> Heh ... while I'm on the topic, I'm looking for a way to set an
> option so the user is chrooted to his home dir whether he sshes,
> scps, or ftps ... doesn't look like that's in the docs either ;)

I'm not sure if there's a general way to do this for all programs that
provide access to the filesystem in some way :-(

- Giorgos
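
Added example (not part of the original message and not FreeBSD code): a simplified Python reader for login.conf(5)-style records that reports which login classes end up with the ftp-chroot boolean set, following tc= inheritance and the `cap@` cancel form. The sample file and all function names are constructed for illustration, and the result only matters for an ftpd(8) built with -DLOGIN_CAP, as the message notes.

```python
import re

# Constructed sample in login.conf(5) capability-database syntax (not from the thread).
SAMPLE_LOGIN_CONF = r"""
# comments and backslash continuations are part of the format
default:\
    :path=/bin /usr/bin:\
    :umask=022:

ftpjail:\
    :ftp-chroot:\
    :tc=default:

guests:\
    :tc=ftpjail:

staff:\
    :ftp-chroot@:\
    :tc=ftpjail:
"""

def parse_login_conf(text):
    """Return {class_name: [capability fields in file order]}."""
    text = re.sub(r"\\\n[ \t]*", "", text)      # join continuation lines
    classes = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        names, *fields = line.split(":")
        caps = [f.strip() for f in fields if f.strip()]
        for name in names.split("|"):           # a record may carry aliases
            classes[name.strip()] = caps
    return classes

def lookup_bool(classes, cls, cap, seen):
    """First match wins; 'cap@' cancels; tc= pulls in another class. None = unset."""
    if cls in seen or cls not in classes:       # guard against tc= loops
        return None
    seen.add(cls)
    for field in classes[cls]:
        if field == cap:
            return True
        if field == cap + "@":
            return False
        if field.startswith("tc="):
            found = lookup_bool(classes, field[3:], cap, seen)
            if found is not None:
                return found
    return None

def ftp_chroot_classes(text):
    """Map every class to its effective ftp-chroot setting (unset counts as off)."""
    classes = parse_login_conf(text)
    return {c: bool(lookup_bool(classes, c, "ftp-chroot", set())) for c in classes}
```

Here `guests` inherits the restriction through tc=, while `staff` opts out with `ftp-chroot@` even though it includes the same class.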