From owner-freebsd-security Thu Oct 10 12:19:32 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id MAA09938 for security-outgoing; Thu, 10 Oct 1996 12:19:32 -0700 (PDT) Received: from mail.crl.com (mail.crl.com [165.113.1.22]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id MAA09929 for ; Thu, 10 Oct 1996 12:19:29 -0700 (PDT) Received: from al.imforei.apana.org.au by mail.crl.com with SMTP id AA28130 (5.65c/IDA-1.5 for ); Thu, 10 Oct 1996 12:20:21 -0700 Received: (from pjchilds@localhost) by al.imforei.apana.org.au (8.8.0/8.7.3) id EAA01749; Fri, 11 Oct 1996 04:46:31 +0930 (CST) Date: Fri, 11 Oct 1996 04:46:31 +0930 (CST) From: Peter Childs Message-Id: <199610101916.EAA01749@al.imforei.apana.org.au> To: hostmaster@bemarnet.es (Antonio Navarro Navarro), freebsd-security@freebsd.org Subject: Re: Restricted access via FTP X-Newsreader: TIN [version 1.2 PL2] Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk In article <2.2.32.19961010154508.0070ce84@host.bemarnet.es> you wrote: : Hello All ! Gday! [cut] : the files under the directory '/home/www/username' (this files can be viewed : using a web navigator with the url http://www.bemarnet.es/username) but he : also is allowed to do a 'cd \' or 'cd ..' and then look all the files in the : server. There are some patches to wu-ftpd to allow multihomed hosts, and some others to do "chroot" for users ftp directories. I suggest either finding these, or just modifiying wu-ftpd yourself so that it "chroot"'s into users home directories when they log in with ftp. You'll need to remember that if they do chroot then they require accessable copies of "ls" and stuff like that. Perhaps you should make it so that it "chroot"'s to /home and then have a /home/bin with static binaries users might require for ftp (like ls) Regards, Peter -- Peter Childs --- http://www.imforei.apana.org.au/~pjchilds Finger pjchilds@al.imforei.apana.org.au for public PGP key Drag me, drop me, treat me like an object!