From owner-freebsd-questions Tue Nov 28 12:25:35 1995 Return-Path: owner-questions Received: (from root@localhost) by freefall.freebsd.org (8.6.12/8.6.6) id MAA02253 for questions-outgoing; Tue, 28 Nov 1995 12:25:35 -0800 Received: from phaeton.artisoft.com (phaeton.Artisoft.COM [198.17.250.211]) by freefall.freebsd.org (8.6.12/8.6.6) with ESMTP id MAA02239 for ; Tue, 28 Nov 1995 12:25:30 -0800 Received: (from terry@localhost) by phaeton.artisoft.com (8.6.11/8.6.9) id NAA21951; Tue, 28 Nov 1995 13:20:22 -0700 From: Terry Lambert Message-Id: <199511282020.NAA21951@phaeton.artisoft.com> Subject: Re: Secure ftp under FreeBSD... To: ghelmer@alpha.dsu.edu (Guy Helmer) Date: Tue, 28 Nov 1995 13:20:22 -0700 (MST) Cc: mango@communique.net, questions@freebsd.org In-Reply-To: from "Guy Helmer" at Nov 27, 95 04:11:38 pm X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 1406 Sender: owner-questions@freebsd.org Precedence: bulk > > I am trying to set secure ftp on a FreeBSD box; ie, all my users can ftp > > into the box, but, as they get in, I want to chroot them to their home > > directory... > > Interesting -- I'd be interested in hearing how you solve the need for > "/bin/ls" relative to each user's home directory... I thought this as well, but I didn't say it. 8-). A statically linked ls would be a good deal, and as long as all users were on the same drive, you could hard link it between their home directories. Kinda bogus if they can unlink it and replace it with a hard link to, for instance, /bin/sh. Actually, there is a mechanism for per process root search override based on the fdp in the proc struct. It's a little screwed up right now because the value is only initialized on a chroot and then conditionally used, when actually it should be initialized for everyone at fork time and unilaterally used (removing the rootvp reference in vfs_lookup.c). You *could* fix the problem using that mechanism in combination with removing the ftpd's ability to execute arbitrary commands. Then look up binaries (all one of them) relative to the system root by way of opening the system root and using fchdir() after the fork to put the search path back for the subshell. Terry Lambert terry@lambert.org --- Any opinions in this posting are my own and not those of my present or previous employers.