From owner-freebsd-questions Wed Sep 8 2:33:49 1999
Delivered-To: freebsd-questions@freebsd.org
Received: from atlas.usls.edu (linux1.usls.edu [202.47.133.46])
    by hub.freebsd.org (Postfix) with ESMTP id BEEB514FA9
    for ; Wed, 8 Sep 1999 02:33:38 -0700 (PDT)
    (envelope-from francis@usls.edu)
Received: by atlas.usls.edu (Postfix, from userid 500)
    id 156C2A4C0; Wed, 8 Sep 1999 17:29:31 +0800 (PHT)
Received: from localhost (localhost [127.0.0.1])
    by atlas.usls.edu (Postfix) with ESMTP id 0776C7D93;
    Wed, 8 Sep 1999 17:29:31 +0800 (PHT)
Date: Wed, 8 Sep 1999 17:29:30 +0800 (PHT)
From: "Francis A. Vidal"
To: Anand Buddhdev
Cc: FreeBSD Questions
Subject: Re: restricted FTP-only user
In-Reply-To: <19990908115527.J14237@africaonline.co.ke>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Wed, 8 Sep 1999, Anand Buddhdev wrote:

> > i'm setting up an account for some staff to be able to upload files to the
> > web server. i want them to be chrooted to the DocumentRoot of the
> > webserver and will have no shell access except FTP access.
>
> Create the account, and make its home directory the DocumentRoot of your
> webserver. Then put the account name in the file /etc/ftpchroot. Also,
> give this account a shell like /sbin/nologin, and make sure
> /sbin/nologin has an entry in /etc/shells (to allow FTP logins).

aha, now i know. what i did is to create a login class in /etc/login.conf
and changed the shell for ftp-users, which worked, but i like your
suggestion. btw, will chrooting allow him to traverse symbolic links to
directories?

> > i also don't want them to delete files made by root inside the
> > DocumentRoot area. how can i do that?
>
> Make the document directory sticky. chmod +t
>
> > is it also possible to move the /cgi-bin/ directory to the DocumentRoot
> > area? what are the security implications?
>
> Don't know. I don't work much with web servers.

--
francis vidal
university of st. la salle, bacolod city, philippines
PGP key available via e-mail / subject: get PGP key
u s l s N E T   tel. nos. (6334).435.2324 / 433.3526
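
A check for the account setup described in the quoted advice above (home directory sticky, user in /etc/ftpchroot, a nologin shell that is listed in /etc/shells). This is an added example, not part of the original message; the function names, the user "webstaff" and the sample files are constructed, and the file paths are parameters so it can be run against copies.

```shell
#!/bin/sh
# Audit an FTP-only account against the setup described in the thread.
# Usage: audit_ftp_only_user USER PASSWD_FILE FTPCHROOT_FILE SHELLS_FILE
# Paths are parameters so the check can run against copies of the files.
audit_ftp_only_user() {
    user=$1; passwd=$2; ftpchroot=$3; shells=$4; rc=0

    # passwd(5) format: name:pw:uid:gid:gecos:home:shell
    entry=$(awk -F: -v u="$user" '$1 == u { print $6 ":" $7 }' "$passwd")
    if [ -z "$entry" ]; then
        echo "FAIL no passwd entry for $user"; return 1
    fi
    home=${entry%%:*}; shell=${entry##*:}

    # The login shell must not give an interactive session.
    case $shell in
        */nologin) echo "ok   shell is $shell" ;;
        *) echo "FAIL shell $shell is not a nologin shell"; rc=1 ;;
    esac
    # The shell must appear in the shells file for FTP logins to be allowed.
    grep -qxF -- "$shell" "$shells" ||
        { echo "FAIL $shell missing from $shells"; rc=1; }
    # Only literal user names in the first field are matched here.
    awk -v u="$user" '$1 == u { f = 1 } END { exit !f }' "$ftpchroot" ||
        { echo "FAIL $user not listed in $ftpchroot"; rc=1; }
    # Sticky bit shows as t or T in the last permission column of ls -ld.
    case $(ls -ld "$home" 2>/dev/null) in
        ?????????[tT]*) echo "ok   $home is sticky" ;;
        *) echo "FAIL $home is not sticky"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample data: user "webstaff" and a temporary DocumentRoot.
make_sample() {
    d=$(mktemp -d) && mkdir "$d/htdocs" && chmod 1775 "$d/htdocs" || return 1
    printf 'webstaff:*:1001:1001:Web staff:%s/htdocs:/sbin/nologin\n' "$d" > "$d/passwd"
    printf 'alice:*:1002:1002:Alice:/home/alice:/bin/sh\n' >> "$d/passwd"
    printf 'webstaff\n' > "$d/ftpchroot"
    printf '/bin/sh\n/sbin/nologin\n' > "$d/shells"
    echo "$d"
}

d=$(make_sample)
audit_ftp_only_user webstaff "$d/passwd" "$d/ftpchroot" "$d/shells"
rm -rf "$d"
```

On a live system the arguments would be the user name followed by /etc/passwd, /etc/ftpchroot and /etc/shells.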