From: John Preisler
Date: Sun, 25 Apr 1999 03:32:27 -0500 (CDT)
To: erik
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: limit ftp users to their homedir

I can't find the request I just got for this info, but in order to have
this capability from login.conf(5) what you need to do is:

1. cd into src/libexec/ftpd

2. [assuming a bourney shell]

     $ export FTPD_INTERNAL_LS=true
     $ make install clean

   hopefully now you have an ftpd with the 'ls' command built-in

3. include the following entry into your desired login class in
   /etc/login.conf:

     :ftp-chroot:

4. cap_mkdb /etc/login.conf

now everyone with that login class will be chrooted into their home
directory when they ftp into your machine.

hope this helps

-j

erik writes:
>
> is there a way to deny a registered user access to anything but his own
> homedirectory?
>
> it would be nice if it was the same as with anonymous access.. ie. users
> who cwd to "/", really enters the virtual ftp root instead of the real
> system root.
>
> is this possible to do with _none anonymous_ users?
>
> for example:
>
> in a normal setup, when user foo ftps to the system, the initial directory
> will be his homedirectory. when (for some reason) he cwd to "/" he will
> enter the real system root.
> can you limit him to only access his own stuff, ie. a cwd to / will bring
> him to /home/fred.
>
> any suggestions appreciated!
>
> /erik
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
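An added example, not part of the original message: after steps 3 and 4 it is worth checking which accounts actually end up in a class carrying ftp-chroot, since the capability can be inherited through tc= or cancelled with ftp-chroot@. The parser below is a simplified model of the login.conf(5) format; the class names, user names and sample data are constructed for illustration.

```python
import re

# Constructed sample data; class and user names are hypothetical.
LOGIN_CONF = r"""
default::umask=022:
ftpjail:\
	:ftp-chroot:
webdev::tc=ftpjail:
staff::ftp-chroot@:tc=ftpjail:
"""
# master.passwd fields: name:pw:uid:gid:class:change:expire:gecos:home:shell
MASTER_PASSWD = """\
foo:*:1001:1001:ftpjail:0:0:Foo:/home/foo:/bin/sh
bar:*:1002:1002:webdev:0:0:Bar:/home/bar:/bin/sh
baz:*:1003:1003:staff:0:0:Baz:/home/baz:/bin/sh
qux:*:1004:1004::0:0:Qux:/home/qux:/bin/sh
"""

def parse_classes(text):
    """Return {class_name: [capability fields]} from login.conf-style text."""
    classes = {}
    for line in re.sub(r"\\\n[ \t]*", "", text).splitlines():  # join continuations
        line = line.strip()
        if line and not line.startswith("#"):
            names, _, caps = line.partition(":")
            fields = [c.strip() for c in caps.split(":") if c.strip()]
            classes.update(dict.fromkeys(names.split("|"), fields))  # name|alias
    return classes

def lookup(classes, name, cap, seen=()):
    """True if set, False if cancelled with 'cap@', None if absent."""
    if name in seen or name not in classes:
        return None
    for field in classes[name]:
        if field in (cap, cap + "@"):  # first match wins
            return field == cap
        if field.startswith("tc="):  # inherit from another class
            found = lookup(classes, field[3:], cap, seen + (name,))
            if found is not None:
                return found
    return None

def chrooted_users(login_conf, master_passwd, cap="ftp-chroot"):
    """Map each user to whether their login class carries the capability."""
    classes = parse_classes(login_conf)
    rows = (l.split(":") for l in master_passwd.splitlines())
    return {f[0]: bool(lookup(classes, f[4] or "default", cap))
            for f in rows if len(f) == 10}
```

With the sample data, foo and bar are chrooted (bar through tc= inheritance), while baz (cancelled) and qux (empty class, treated as default) are not.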