Date: Sun, 25 Apr 1999 03:32:27 -0500 (CDT) From: John Preisler <john@vapornet.net> To: erik <erik@chapman.karlskrona.se> Cc: freebsd-security@FreeBSD.ORG Subject: Re: limit ftp users to their homedir Message-ID: <14114.53550.598471.753465@habanero.chili-pepper.net> In-Reply-To: <3.0.6.32.19990425001944.00904430@chapman.karlskrona.se>
index | next in thread | previous in thread | raw e-mail
I cant find the request I just got for this info, but in order to have
this capability from login.conf(5) what you need to do is:
1. cd into src/libexec/ftpd
2. [assuming a bourney shell]
$ export FTPD_INTERNAL_LS=true
$ make install clean
hopefully now you have an ftpd with the 'ls' command built-in
3. include the following entry into your
desired login class in /etc/login.conf:
:ftp-chroot:
4. cap_mkdb /etc/login.conf
now everyone with that login class will be chrooted into their home
directory when they ftp into your machine.
hope this helps
-j
erik writes:
>
> is there a way to deny a registered user access to anything but his own
> homedirectory?
>
> it would be nice if it was the same as with anonymous access.. ie. users
> who cwd to "/" ,
> really enters the virtual ftp root instead of the real system root.
>
> is this possible to do with _none anonymous_ users?
>
> for example:
>
> in a normal setup, when user foo ftps to the system, the initial directory
> will be
> his homedirectory. when (for some reason) he cwd to "/" he will enter the
> real system root.
> can you limit him to only access his own stuff, ie. a cwd to / will bring
> him to /home/fred.
>
> any suggestions appreciated!
>
> /erik
>
>
>
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
--
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14114.53550.598471.753465>