From owner-freebsd-questions Mon Jul 8 2:36:42 2002
From: "Patrick O'Reilly"
To: "Peter Brezny"
Subject: Re: a default ftpchroot entry?
Date: Mon, 8 Jul 2002 11:37:57 +0200
Sender: owner-freebsd-questions@FreeBSD.ORG

----- Original Message -----
From: "Peter Brezny"

> Is there a way to have a wildcard in the /etc/ftpchroot file in combination
> with an 'excluded' list so that every new user is restricted to their
> directory?

Hey Peter - are you still hacking away???

ftpchroot supports group names as well as user names. What I've done is create a group called 'email' for email only accounts, and a group called 'ftp' for accounts which have ftp access.
Then, in /etc/ftpchroot I have this line:
---
@ftp
---
and in /etc/ftpusers I have this line:
---
@email
---

This prevents email users from doing FTP at all, and applies chroot to all users who belong to group 'ftp', based on the home directory specified in /etc/passwd. Members of other groups ('wheel', etc) can connect and are not chrooted.

You will probably need to develop a variation of this plan to meet your needs.

HTH.

Regards,
Patrick O'Reilly.
http://www.perimeter.co.za
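
Added example, not part of the original message: a POSIX sh audit that applies the two files described above to a list of accounts and reports which ones are denied, chrooted, or left unrestricted. The function names, sample accounts and temporary files are constructed for illustration, and the matching is a simplified model of the user/@group entries, not ftpd's own code.

```sh
#!/bin/sh
# Constructed sample files mirroring the layout in the message.
# On a real host, point FTPUSERS/FTPCHROOT at /etc/ftpusers and /etc/ftpchroot.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
FTPUSERS="$work/ftpusers"
FTPCHROOT="$work/ftpchroot"
printf '%s\n' '# no FTP at all' '@email' 'root' > "$FTPUSERS"
printf '%s\n' '@ftp' > "$FTPCHROOT"

# listed FILE USER "GROUP ..." : succeeds if USER, or @GROUP for one of the
# user's groups, is the first field of a non-comment line in FILE.
listed() {
    while read -r entry _rest; do
        case $entry in
            ''|'#'*) continue ;;
            @*) for g in $3; do
                    if [ "@$g" = "$entry" ]; then return 0; fi
                done ;;
            *)  if [ "$entry" = "$2" ]; then return 0; fi ;;
        esac
    done < "$1"
    return 1
}

# ftp_policy USER "GROUP ..." : prints deny, chroot or open.
# The deny list is checked first, so it wins over a chroot entry.
ftp_policy() {
    if listed "$FTPUSERS" "$1" "$2"; then echo deny
    elif listed "$FTPCHROOT" "$1" "$2"; then echo chroot
    else echo open
    fi
}

# audit: constructed accounts (login, then group memberships).
# "open" marks accounts that can use FTP without being chrooted.
audit() {
    while read -r login memberof; do
        printf '%s %s\n' "$login" "$(ftp_policy "$login" "$memberof")"
    done <<EOF
alice ftp
bob email
carol wheel
dave users
EOF
}
audit
```

The "open" result for dave shows the gap in a group-based setup: an account that is added to neither group is not chrooted, so new accounts need a group assignment at creation time.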