Date: Sat, 06 Jun 1998 22:16:22 -0700
From: Jerry Preeper
To: freebsd-questions@FreeBSD.ORG
Subject: guest users and ftpd
Message-Id: <3.0.5.32.19980606221622.00831e20@crash.cts.com>

I have been following all of the instructions in the various emails and manpages to create groups of users that will only have ftp access to the server. I'm almost there, I think, but it doesn't quite work.

The short of it is that if I take the -a flag off the ftp line from inetd.conf, the user is granted access but can browse anywhere throughout the server, which I don't want to allow - but rather restrict them to their directory. ls support is built in (login without the -a option shows Version 6.00LS).

Using the -al option in inetd.conf (I have done killall -1 inetd after making the changes), I always either get a connection failed message as follows:

    Connected to xxx.xx.xx.x port 21
    ftpd: invalid address for -a

Any ideas on what I am missing here?

Jerry Preeper

------------------------------------------
Details of applicable files are:
------------------------------------------

I created a user and then modified the /etc/passwd file to chroot the user like this:

    username:*:6101:6100:Real Name:/www/dirname/htdocs/aaa/username/./:/bin/ftponly

The group file shows 6101 as a member of 6100.

At /bin/ftponly is a small script as follows (comments removed) - chmod 755 owner bin.bin:

    trap "/bin/echo Sorry; exit 0" 1 2 3 4 5 6 7 10 15
    IFS=""
    Admin=admin@hostname.com
    System=`SiteName`
    /bin/echo
    /bin/echo "********************************************************************"
    /bin/echo " You are NOT allowed interactive access to $System."
    /bin/echo
    /bin/echo " User accounts are restricted to ftp and web access."
    /bin/echo
    /bin/echo " Direct questions concerning this policy to $Admin."
    /bin/echo "********************************************************************"
    /bin/echo
    exit 0

The ftp line from inetd.conf is:

    ftp stream tcp nowait root /usr/local/libexec/tcpd ftpd -al

I have created the most basic ftpaccess file in /usr/local/etc to see if I can get it to work without most of the options as follows (comments removed) chmod 600 owner root.wheel:

    guestgroup group1
    guestgroup group2
    guestgroup group3
    guestgroup group4
    guestgroup group5
    class all real,guest,anonymous *
    limit all 100 Any # /etc/msgs/msg.toomany
    readme README* login
    readme README* cwd=*
    shutdown /etc/shutmsg
    email user@hostname
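
As an added example (not part of the original message, and not wu-ftpd's own code): a small Python check of the setup described above. It reads a passwd entry, the group file and the guestgroup lines from ftpaccess, then reports whether the account would be treated as a guest and which directory the /./ marker selects as the chroot root. The sample file contents, the function names and the mapping of group1 to GID 6100 are constructed assumptions.

```python
# Added example: checks whether an account would be an ftpaccess guest and where it is chrooted.
# All three inputs are constructed samples modelled on the post; group1 = GID 6100 is an assumption.
PASSWD = "username:*:6101:6100:Real Name:/www/dirname/htdocs/aaa/username/./:/bin/ftponly\n"
GROUP = "wheel:*:0:root\ngroup1:*:6100:\n"
FTPACCESS = "guestgroup group1\nguestgroup group2\nclass all real,guest,anonymous *\n"


def guest_groups(ftpaccess):
    """Collect every group named on a guestgroup line, ignoring # comments."""
    names = set()
    for line in ftpaccess.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and fields[0] == "guestgroup":
            names.update(fields[1:])
    return names


def groups_of(user, gid, group_file):
    """Assumption: membership counts by primary GID or by name in the member list."""
    found = set()
    for line in group_file.splitlines():
        parts = line.strip().split(":")
        if len(parts) >= 4 and (parts[2] == gid or user in parts[3].split(",")):
            found.add(parts[0])
    return found


def check_guest(user, passwd, group_file, ftpaccess):
    """Return guest status plus the chroot root and start directory, or None if no such user."""
    for line in passwd.splitlines():
        f = line.strip().split(":")
        if len(f) < 7 or f[0] != user:
            continue
        home = f[-2]  # home is second-to-last in both passwd and master.passwd
        matched = groups_of(user, f[3], group_file) & guest_groups(ftpaccess)
        root, marker, rest = home.partition("/./")
        return {
            "guest": bool(matched),
            # Without the /./ marker the split point is unknown; report None instead of guessing.
            "chroot": root if marker else None,
            "start": "/" + rest.strip("/") if marker else None,
        }
    return None


if __name__ == "__main__":
    print(check_guest("username", PASSWD, GROUP, FTPACCESS))
```

A result with "guest" false means none of the account's groups appears on a guestgroup line, so no chroot would be applied to that login.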