Date: Sat, 30 Nov 1996 15:00:21 -0800
From: Stephen Melvin <melvin@zytek.com>
To: hackers@freebsd.org
Subject: modifications to ftpd to support restricted users
Message-ID: <199611302300.PAA29203@syzygy.zytek.com>
Hello,

I haven't read hackers in a while so accept my apologies if this is redundant or inappropriate. I thought this might be of use.

I have need for an FTP-only login that is restricted like the anonymous login (i.e. chroot'ed) but requires a password. Here is my solution.

I put the special string "/ftpuser" in the /etc/shells file to allow the login to take place. Then, I modified ftpd.c so that if the shell is "/ftpuser", it will chroot to the home directory. Note that you must in this case put bin/ls in the home directory to allow listing.

It's been working great and allows my web clients to upload to their web site without having to know where it is located.

I've attached below my diffs to ftpd.c. It is only seven lines. You can also get it at:

ftp://zy.zcc.net/pub/FreeBSD/ftpd.c

Regards,

Stephen Melvin
melvin@zytek.com

-------
*** ftpd.c.orig Mon Mar 18 03:10:16 1996 --- ftpd.c Sat Nov 30 14:21:30 1996 *************** *** 115,120 **** --- 115,121 ---- int logging; int restricted_data_ports = 1; int guest; + int ftpuser; #ifdef STATS int stats; int statfd = -1; *************** *** 207,213 **** if (path[1] != '\0') /* special case for root dir. */ strcat(path, "/"); /* For guest account, skip / since it's chrooted */ ! return (guest ? path+1 : path); } int --- 208,214 ---- if (path[1] != '\0') /* special case for root dir. */ strcat(path, "/"); /* For guest account, skip / since it's chrooted */ ! return ((guest || ftpuser) ? path+1 : path); } int *************** *** 452,465 **** char *cp, *shell; if (logged_in) { ! if (guest) { reply(530, "Can't change user from guest login."); return; } end_login(); } ! guest = 0; if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) { if (checkuser("ftp") || checkuser("anonymous")) reply(530, "User %s access denied.", name); --- 453,466 ---- char *cp, *shell; if (logged_in) { ! if (guest || ftpuser) { reply(530, "Can't change user from guest login."); return; } end_login(); } ! 
guest = ftpuser = 0; if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0) { if (checkuser("ftp") || checkuser("anonymous")) reply(530, "User %s access denied.", name); *************** *** 493,498 **** --- 494,500 ---- return; } } + if (strcmp(pw->pw_shell,"/ftpuser") == 0) ftpuser = 1; if (logging) strncpy(curname, name, sizeof(curname)-1); #ifdef SKEY *************** *** 550,556 **** logwtmp(ttyline, "", ""); pw = NULL; logged_in = 0; ! guest = 0; } void --- 552,558 ---- logwtmp(ttyline, "", ""); pw = NULL; logged_in = 0; ! guest = ftpuser = 0; } void *************** *** 614,620 **** stats = 0; #endif ! if (guest) { /* * We MUST do a chdir() after the chroot. Otherwise * the old current directory will be accessible as "." --- 616,622 ---- stats = 0; #endif ! if (guest || ftpuser) { /* * We MUST do a chdir() after the chroot. Otherwise * the old current directory will be accessible as "."
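
Review bot: Missing NULL check in the hunk at line 493: the added line if (strcmp(pw->pw_shell,"/ftpuser") == 0) ftpuser = 1; dereferences pw unconditionally, and it sits after both closing braces of the preceding block, at the same level as if (logging). If the lookup above can leave pw NULL for an unknown user name (the end_login hunk in this same patch shows pw = NULL as a normal state), this becomes a NULL dereference on the user-name path. Suggest guarding it, for example if (pw != NULL && pw->pw_shell != NULL && strcmp(pw->pw_shell, "/ftpuser") == 0), or moving the test inside the block where pw is known to be valid. The literal "/ftpuser" would also read better as a named constant next to the new flag.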
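
Review bot: Stale wording in the hunks at lines 207 and 452: the comment /* For guest account, skip / since it's chrooted */ and the reply text "Can't change user from guest login." still speak only of guest, while both conditions are now guest || ftpuser. Update the comment to cover the chrooted password login, and consider a reply string that does not tell an authenticated restricted user that they are a guest.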
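
Review bot: Missing documentation for the hunk at line 614: with if (guest || ftpuser) the chroot target for a restricted login is the account's own home directory, which by the description in this message is both where the user uploads and where bin/ls has to be installed. The change should come with a man page or comment note that says so, and that recommends bin and bin/ls be owned by root and not writable by the restricted account, so the listing binary cannot be replaced over FTP.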