From owner-freebsd-doc@FreeBSD.ORG Sat Jun 26 23:15:41 2004 Return-Path: Delivered-To: freebsd-doc@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 49B6816A4CE for ; Sat, 26 Jun 2004 23:15:41 +0000 (GMT) Received: from brain.otenet.gr (brain.otenet.gr [195.170.0.25]) by mx1.FreeBSD.org (Postfix) with ESMTP id F07DC43D41 for ; Sat, 26 Jun 2004 23:15:37 +0000 (GMT) (envelope-from keramida@ceid.upatras.gr) Received: from gothmog.gr (patr530-a032.otenet.gr [212.205.215.32]) i5QNEmVB009648 for ; Sun, 27 Jun 2004 02:14:49 +0300 Received: from gothmog.gr (gothmog [127.0.0.1]) by gothmog.gr (8.12.11/8.12.11) with ESMTP id i5QNEmZt001870 for ; Sun, 27 Jun 2004 02:14:48 +0300 (EEST) (envelope-from keramida@ceid.upatras.gr) Received: (from giorgos@localhost) by gothmog.gr (8.12.11/8.12.11/Submit) id i5QMZis6001550; Sun, 27 Jun 2004 01:35:44 +0300 (EEST) (envelope-from keramida@ceid.upatras.gr) Date: Sun, 27 Jun 2004 01:35:43 +0300 From: Giorgos Keramidas To: Bill Moran Message-ID: <20040626223543.GC1176@gothmog.gr> References: <20040621213819.43df0591.wmoran@potentialtech.com> <20040626190214.GC1016@gothmog.gr> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20040626190214.GC1016@gothmog.gr> cc: doc@freebsd.org Subject: Re: ftp-chroot in login.conf ... doc error? X-BeenThere: freebsd-doc@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Documentation project List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Jun 2004 23:15:41 -0000 On 2004-06-26 22:02, Giorgos Keramidas wrote: > IMHO, if a small description is added it should probably be something > like this: > > ftp-chroot If your ftpd(8) has been compiled with login.conf(5) > support, then you can set this boolean option for a > user class to tell ftpd(8) that it should use > chroot(2) to restrict the specific class of users in > their HOME directory after they have successfully > authenticated. > Does this look ok as an addition to login.conf(5)? Well, apparently it doesn't. After reading the manpage more carefully, I withdraw the above proposal and substitute this diff in its place: %% Index: login.conf.5 =================================================================== RCS file: /home/ncvs/src/lib/libutil/login.conf.5,v retrieving revision 1.49 diff -u -r1.49 login.conf.5 --- login.conf.5 5 May 2003 06:25:03 -0000 1.49 +++ login.conf.5 26 Jun 2004 22:34:24 -0000 @@ -183,6 +183,14 @@ value. .It "hushlogin bool false Same as having a ~/.hushlogin file. .It "ignorenologin bool false Login not prevented by nologin. +.It "ftp-chroot bool false Limit ftp access with +.Xr chroot 2 +to the +.Ev HOME +directory of the user. +See +.Xr ftpd 8 +for details. .It "label string Default MAC policy; see .Xr maclabel 7 . .It "lang string Set $LANG environment variable to the specified value. @@ -399,6 +407,7 @@ .Sh SEE ALSO .Xr cap_mkdb 1 , .Xr login 1 , +.Xr chroot 2 , .Xr getcap 3 , .Xr getttyent 3 , .Xr login_cap 3 , @@ -406,4 +415,5 @@ .Xr pam 3 , .Xr passwd 5 , .Xr ttys 5 , +.Xr ftpd 8 , .Xr pam_passwdqc 8 %%