From owner-freebsd-security  Thu Oct 10 08:42:20 1996
Return-Path: owner-security
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id IAA25705
          for security-outgoing; Thu, 10 Oct 1996 08:42:20 -0700 (PDT)
Received: from www.bemarnet.es ([194.179.67.1])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id IAA25696
          for <freebsd-security@FreeBSD.ORG>; Thu, 10 Oct 1996 08:42:15 -0700 (PDT)
Received: from ariadna (www.santatecla.com [194.179.67.201]) by www.bemarnet.es (8.6.11/8.6.9) with SMTP id RAA03846 for <freebsd-security@FreeBSD.ORG>; Thu, 10 Oct 1996 17:40:57 GMT
Message-Id: <2.2.32.19961010154508.0070ce84@host.bemarnet.es>
X-Sender: antonio@host.bemarnet.es
X-Mailer: Windows Eudora Pro Version 2.2 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Thu, 10 Oct 1996 16:45:08 +0100
To: freebsd-security@FreeBSD.ORG
From: Antonio Navarro Navarro <hostmaster@bemarnet.es>
Subject: Restricted access via FTP
Sender: owner-security@FreeBSD.ORG
X-Loop: FreeBSD.org
Precedence: bulk

Hello All !

I have created a user account named 'username' with 'shell=/nonexistent'
(telnet access is not allowed), 'group=nogroup' and home directory =
/home/www/username. The NCSA web server is running under user www (group
www) and the home directory for the web pages is /home/www. 

When the user 'username' makes an FTP to the server, is allowed to update
the files under the directory '/home/www/username' (this files can be viewed
using a web navigator with the url http://www.bemarnet.es/username) but he
also is allowed to do a 'cd \' or 'cd ..' and then look all the files in the
server. 

How can I deny access to all the directory structure under /home/www/username ?

Thanks a lot !

 +-----------------------------------------------------------------------+
 | Antonio Navarro Navarro                 E-mail: webmaster@bemarnet.es |
 +-----------------------------------------------------------------------+
 | BemarNet Management                           Phone : +34-6-165.66.44 |
 | Makes business easier...         ,,,            Fax : +34-6-165.65.14 |
 | http://www.bemarnet.es          (o o)                                 |
 +------------------------------o00-(_)-00o------------------------------+
 | Have a nice day - Have a nice day - Have a nice day - Have a nice day |
 +-----------------------------------------------------------------------+