From owner-freebsd-questions  Wed May  7 00:01:50 1997
Return-Path: <owner-questions>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id AAA06442
          for questions-outgoing; Wed, 7 May 1997 00:01:50 -0700 (PDT)
Received: from gatekeeper.barcode.co.il (gatekeeper.barcode.co.il [192.116.93.17])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id AAA06431
          for <freebsd-questions@FreeBSD.ORG>; Wed, 7 May 1997 00:01:44 -0700 (PDT)
Received: (from smap@localhost) by gatekeeper.barcode.co.il (8.8.5/8.6.12) id JAA05354; Wed, 7 May 1997 09:58:48 +0300 (IDT)
X-Authentication-Warning: gatekeeper.barcode.co.il: smap set sender to <nadav@barcode.co.il> using -f
Received: from localhost.barcode.co.il(127.0.0.1) by gatekeeper.barcode.co.il via smap (V1.3)
	id sma005352; Wed May  7 09:58:45 1997
Message-ID: <3370286F.6FFE@barcode.co.il>
Date: Wed, 07 May 1997 09:59:59 +0300
From: Nadav Eiron <nadav@barcode.co.il>
X-Mailer: Mozilla 3.0 (X11; I; SunOS 5.5 sun4m)
MIME-Version: 1.0
To: rajesha@ct-yardley.com
CC: freebsd-questions@FreeBSD.ORG, rakeshs@ct-yardley.com
Subject: Re: ftp daemon
References: <199705062201.SAA18737@boris.theeddy.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-questions@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

rajesha@ct-yardley.com wrote:
> 
> This is in regards to a problem in the ftp daemon supplied with the
> FreeBSD (Rel 2.1.7).  The problem is:
> 
>         1) Suppose I logged in as one of the designated ftp user.  The ftp
>             daemon would place the user in this directory ('/home/ftp/user')
>             Then suppose if he did a 'cd ..', he/she would be at /home/ftp'
>             Then he/she reissued the 'cd..' command thus placing them
>              in '/home' directory (on my system, /home -> /usr/home)
> 
>         2)  If an anonymous ftp user logs in, he is not able to go beyond
>               the '/home/ftp' even if he tries 'cd ..' two or more times.
> 
>         This    would be a security risk if an ftp users other than
> anonymous can get to system areas through ftp!!.  Are there any other
> settings that need to be set in the ftp resource files
> 
> I would appreciate if you could give some hints or pointers regarding
> these issues!!

Use wu-ftpd. It's in the ports/packages collection and has a zillion
options, including the option to chroot when doing standard logins (with
user names).

> 
> Rajesh Acharya
> Cybertech Intl, Inc.

Nadav