Date:      Mon, 6 Nov 2000 17:10:36 -0500 (EST)
From:      Jim Weeks <jim@siteplus.net>
To:        Steve Price <sprice@hiwaay.net>
Cc:        Dave Wilson <davew@sai.co.za>, freebsd-isp@FreeBSD.ORG
Subject:   Re: Limited FTP accounts
Message-ID:  <Pine.BSF.4.21.0011061650150.1769-100000@veager.siteplus.net>
In-Reply-To: <20001106110328.B70975@bonsai.knology.net>


On Mon, 6 Nov 2000, Steve Price wrote:

> On Mon, Nov 06, 2000 at 02:19:24PM +0200, Dave Wilson wrote:
> # 
> # Any one got any ideas on how to restrict an FTP user to only accessing his
> # home directory and nothing else ?
> # See I want a normal user to have access to nothing else other than his home
> # directory.
> 
> From the ftpd() manpage:
> 
>     5.   If the user name appears in the file /etc/ftpchroot, or the
>          user is a member of a group with a group entry in this file,
>          i.e. one prefixed with `@', the session's root will be changed
>          to the user's login directory by chroot(2) as for an
>          ``anonymous'' or ``ftp'' account (see next item).  This facil-
>          ity may also be triggered by enabling the boolean "ftp-chroot"
>          capability in login.conf(5).  However, the user must still
>          supply a password.  This feature is intended as a compromise
>          between a fully anonymous account and a fully privileged ac-
>          count.  The account should also be set up as for an anonymous
>          account.

The only problem with this is that the user can not cd into a soft linked
web directory.  

Example of the web tree: 
"/usr/local/www/data/user"

Example of home: 
"/usr/home/user" with a "ln -s /usr/local/www/data/user www"
where www is a soft link to the true server tree.

If your machine is already set up this way you may want to move
"/usr/local/www/data/user" to "/usr/home/www" and add a link in the server
tree like "ln -s /usr/home/www user".  This will work.

If your version is 4.X or above "FTPD_INTERNAL_LS" is already
functional.  If you are using 3.5 or below you will need to make and
install /usr/src/libexec/ftpd with "FTPD_INTERNAL_LS" defined.  This is
necessary for the user to be able to ls his/her directories under chroot.

Hope this helps,

Jim
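
An added example, not part of the original message: a shell function that lists the symlinks under a chrooted FTP home whose targets resolve outside that home, which is the case described above where the user cannot cd into the linked web directory. The function name and the usage shown are assumptions, and it relies on realpath(1) being installed.

```shell
#!/bin/sh
# Added example (not from the original post): audit a home directory that
# ftpd will chroot(2) into for symlinks that point outside it.

# escaping_links HOME
#   Prints "link -> target" for every symlink under HOME whose resolved
#   target is not inside HOME. After the chroot, HOME becomes "/", so
#   those targets no longer exist from the FTP session's point of view.
escaping_links() {
    # Resolve HOME itself first so the prefix comparison uses physical paths.
    home=$(cd "$1" 2>/dev/null && pwd -P) || return 2

    find "$home" -type l | while IFS= read -r link; do
        # realpath fails on some systems when the target is missing;
        # treat that as a dangling link and report it too.
        target=$(realpath "$link" 2>/dev/null) || target=""
        case "$target" in
            "$home"|"$home"/*)
                ;;  # stays inside the future chroot: still usable
            "")
                printf '%s -> (dangling)\n' "$link" ;;
            *)
                printf '%s -> %s\n' "$link" "$target" ;;
        esac
    done
}

# Usage (hypothetical paths): sh audit.sh /usr/home/user /usr/home/other
for h in "$@"; do
    escaping_links "$h"
done
```

An empty result for a home directory means every symlink in it will still resolve after the chroot, as with the rearranged layout in the message where the data lives under the home and the server tree holds the link.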


