From owner-freebsd-isp Wed Dec 31 11:43:26 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.7/8.8.7) id LAA20472 for isp-outgoing; Wed, 31 Dec 1997 11:43:26 -0800 (PST) (envelope-from owner-freebsd-isp) Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38]) by hub.freebsd.org (8.8.7/8.8.7) with ESMTP id LAA20467 for ; Wed, 31 Dec 1997 11:43:22 -0800 (PST) (envelope-from julian@whistle.com) Received: (from daemon@localhost) by alpo.whistle.com (8.8.5/8.8.5) id LAA22443; Wed, 31 Dec 1997 11:36:49 -0800 (PST) Received: from UNKNOWN(), claiming to be "current1.whistle.com" via SMTP by alpo.whistle.com, id smtpd022441; Wed Dec 31 11:36:43 1997 Date: Wed, 31 Dec 1997 11:33:41 -0800 (PST) From: Julian Elischer To: "Daniel O'Callaghan" cc: Ernie Elu , freebsd-isp@FreeBSD.ORG Subject: Re: Virtual Telnet In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk It's actually a trivial hack to make login user the same chroot semantics as wu-ftpd. I posted some patches on 'hackers' a long time ago too (1995?)(1994?) julian On Wed, 31 Dec 1997, Daniel O'Callaghan wrote: > On Wed, 31 Dec 1997, Ernie Elu wrote: > > > I know it is not too hard to set up a virtual domain, website, and ftp site > > for a client, but is it possible to have a restricted login? > > > > By that I mean if you have a freebsd system hosting www.xyz.com and the > > client wants to be able to telnet in to hand edit files, is it possible to > > restrict their access to only their home directory and its subdirectories? > > > > Sort of an automated chroot thing you can't bypass I guess. > > Build a chrooted area with /etc, /bin, /usr/bin, /usr/lib, /usr/libexec > files which are necessary. > Change inetd to run telnetd.sh and have telnetd.sh do: > > ----- > #!/bin/sh > cd /newroot > /usr/sbin/chroot . exec /usr/libexec/telnetd > ----- > > Danny >