Date: Wed, 8 Sep 1999 17:29:30 +0800 (PHT) From: "Francis A. Vidal" <francis@usls.edu> To: Anand Buddhdev <arb@anand.org> Cc: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: restricted FTP-only user Message-ID: <Pine.LNX.4.10.9909081722220.487-100000@atlas.usls.edu> In-Reply-To: <19990908115527.J14237@africaonline.co.ke>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 8 Sep 1999, Anand Buddhdev wrote: > > i'm setting up an account for some staff to be able to upload files to the > > web server. i want them to be chrooted to the DocumentRoot of the > > webserver and will have no shell access except FTP access. > > Create the account, and make its home directory the DocumentRoot of your > webserver. Then put the account name in the file /etc/ftpchroot. Also, > give this account a shell like /sbin/nologin, and make sure > /sbin/nologin has an entry in /etc/shells (to allow FTP logins). aha, now i know. what i did is to create a login class in /etc/login.conf and changed the shell for ftp-users, which worked, but i like your suggestion. btw, will chrooting allow him to traverse symbolic links to directories? > > i also don't want them to delete files made by root inside the > > DocumentRoot area. how can i do that? > > Make the document directory sticky. chmod +t <directory> > > > is it also possible to move the /cgi-bin/ directory to the DocumentRoot > > area? what are the security implications? > > Don't know. I don't work much with web servers. -- francis vidal university of st. la salle, bacolod city, philippines . . . . . . . PGP key available via e-mail / subject: get PGP key u s l s N E T tel. nos. (6334).435.2324 / 433.3526 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.LNX.4.10.9909081722220.487-100000>