From owner-freebsd-questions@FreeBSD.ORG Fri Dec 12 15:01:16 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D465E106567B for ; Fri, 12 Dec 2008 15:01:16 +0000 (UTC) (envelope-from unixvn@gmail.com) Received: from rv-out-0506.google.com (rv-out-0506.google.com [209.85.198.231]) by mx1.freebsd.org (Postfix) with ESMTP id A95878FC12 for ; Fri, 12 Dec 2008 15:01:16 +0000 (UTC) (envelope-from unixvn@gmail.com) Received: by rv-out-0506.google.com with SMTP id b25so1400532rvf.43 for ; Fri, 12 Dec 2008 07:01:16 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type :content-transfer-encoding:content-disposition:references; bh=x0k3GD9sOO73MCNyLK1rbeoUXUE43KRzaU0zPEg/Jik=; b=ibDqN6hvqpdZXGwHWBxGbdz93vSw0Da7pw/dwBUghW0b+CJc8TwIJzjX36TKuk2urd D9NtjJzTymvSZGBCQzbd3qsFJgBnZFgs+zvJ3c0cmc8YvTmDx1054xAWBh1dwR9Gl8zV Po6+IVyJiVlQjklso/NIN2JOLH1qSg1GN6cK4= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:content-transfer-encoding:content-disposition :references; b=JXQ2UNZ6ieuivZSG0/lnWghaB3H4P4YMfN3m+8jd4zGmxVXUsZ6ZhCJ5S4IOSHLMLZ lG/+2i/8dDeOkGt5P8gS4IalGirh1x/LJq4cIjPn0OfnFib75G0y9J7pM0BJ+FPcd3vs p9iibDnctw5cq9+7FiCt52MEGmIKMgw+eyFJA= Received: by 10.141.153.17 with SMTP id f17mr1959815rvo.99.1229094076309; Fri, 12 Dec 2008 07:01:16 -0800 (PST) Received: by 10.140.193.12 with HTTP; Fri, 12 Dec 2008 07:01:16 -0800 (PST) Message-ID: <64b284310812120701tfcb5a51r6b8a293241f09af9@mail.gmail.com> Date: Fri, 12 Dec 2008 23:01:16 +0800 From: "Nguyen Tam Chinh" To: "freebsd-questions@freebsd.org" In-Reply-To: <494162D7.4010500@gmail.com> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Content-Disposition: inline References: <494162D7.4010500@gmail.com> Subject: Re: ftpd not chroot'ing X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Dec 2008 15:01:17 -0000 On Fri, Dec 12, 2008 at 2:58 AM, Gunther Mayer wrote: > Hi guys, > > I'm trying to set up a really simple, single account write only ftp service. > So I put > > ftpd_enable="YES" > ftpd_flags="-o -d" > > in my rc.conf and started the ftp server. Now I have a special password > enabled user account called "camera" (none of the other accounts have > passwords, all logins are either remote ssh with keys or local terminal > access with root) with login shell /bin/sh. > > So far so good. All I want to do now is now use the chroot facility of ftpd > so that when user "camera" logs in ftpd will chroot the session to its home > directory (/home/camera). man ftpd and man ftpchroot tells me to put > something like > > camera yes > > in /etc/ftpchroot. But once I do that I always get: > > $ ftp myserver.mydomain.com > Connected to myserver.mydomain.com > 220 myserver FTP server (Version 6.00LS) ready. > Name (mypc:test): camera > 331 Password required for camera. > Password: > 550 Can't change root. > Login failed. > ftp> quit > 221 Goodbye. > > If I disable that line in /etc/ftpchroot by commenting it out I can log in > perfectly fine though. Even debug log messages (-d) don't tell me anything > more than "can't change root" :-( > > The alternative as stated by "man ftpd" - putting a ":ftp-chroot=true:" in > /etc/login.conf and doing a cap_mkdb /etc/login.conf seems to make no > difference as no chroot is in effect (I can still cd .. and get to /home). > > What am I doing wrong? > > Gunther > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > Try to put just username there, no need to put "yes". -- With best regards, Chinh Nguyen *********************************** FreeBSD - The Power to Serve