From owner-freebsd-security Fri Nov 17 3:23:56 2000
Delivered-To: freebsd-security@freebsd.org
Received: from lists01.iafrica.com (lists01.iafrica.com [196.7.0.141])
    by hub.freebsd.org (Postfix) with ESMTP id 947E537B479
    for ; Fri, 17 Nov 2000 03:23:51 -0800 (PST)
Received: from nwl.fw.uunet.co.za ([196.31.2.162])
    by lists01.iafrica.com with esmtp (Exim 3.12 #2)
    id 13wjcF-0006P3-00; Fri, 17 Nov 2000 13:23:35 +0200
Received: (from nobody@localhost)
    by nwl.fw.uunet.co.za (8.8.8/8.6.9) id NAA24573;
    Fri, 17 Nov 2000 13:23:43 +0200 (SAST)
Received: by nwl.fw.uunet.co.za via recvmail id 24304;
    Fri Nov 17 13:22:12 2000
Received: from sheldonh (helo=axl.fw.uunet.co.za)
    by axl.fw.uunet.co.za with local-esmtp (Exim 3.16 #1)
    id 13wjat-0000ao-00; Fri, 17 Nov 2000 13:22:11 +0200
From: Sheldon Hearn
To: Marcin Krasowski
Cc: Sheldon Jones, freebsd-security@freebsd.org
Subject: Re: chroot and ftpd
In-reply-to: Your message of "Fri, 17 Nov 2000 06:29:28 +0100." <3A14C238.19C7C60C@weblab.pl>
Date: Fri, 17 Nov 2000 13:22:11 +0200
Message-ID: <2281.974460131@axl.fw.uunet.co.za>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Fri, 17 Nov 2000 06:29:28 +0100, Marcin Krasowski wrote:

> > Does anyone know of a way to have the chroot function in ftpd lock a
> > user into a sub-directory under their user directory. I would like a
> > way to keep the users in a sub-directory under their root dir.
>
> Just put the name of the user into the /etc/ftpchroot file (create it if
> You don't have one).

You may have missed the key part of Sheldon's mail that mentioned a "sub-directory". The stock ftp daemon shipped with FreeBSD does not have this facility.

It wouldn't be at all difficult to extend the structure of the ftpchroot file to support this in a backward compatible manner. I wouldn't feel comfortable doing this, because I'm not convinced that the ftpchroot file is exclusively owned by and relevant to the ftp daemon.

I can understand that this is a desirable feature, but it's probably worth further discussion off this list, where the topic is off-charter. For example, it might be preferable to introduce a ~/ftpdrc file, the contents of which are executed under the user's userid during the FTP login.

I'd suggest that interested parties follow up to me personally (_not_ to this list) and I'll post a digest back to the freebsd-current mailing list.

Ciao,
Sheldon.