Skip site navigation (1)Skip section navigation (2)
Date:      Sun, 25 Apr 1999 09:02:41 -0600
From:      Brett Glass <brett@lariat.org>
To:        John Preisler <john@vapornet.net>, erik <erik@chapman.karlskrona.se>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: limit ftp users to their homedir
Message-ID:  <4.2.0.32.19990425090124.0453b8e0@localhost>
In-Reply-To: <14114.53550.598471.753465@habanero.chili-pepper.net>
References:  <3.0.6.32.19990425001944.00904430@chapman.karlskrona.se> <3.0.6.32.19990425001944.00904430@chapman.karlskrona.se>

next in thread | previous in thread | raw e-mail | index | archive | help
Note that if you don't have the full OS source on your system, you
can bring in JUST the sources for ftpd and ls. This is what I
frequently do when building ftpd. (Having an internal ls
really should be the default, IMHO.)

--Brett

At 03:32 AM 4/25/99 -0500, John Preisler wrote:



>I cant find the request I just got for this info, but in order to have 
>this capability from login.conf(5) what you need to do is:
>
>1.  cd into src/libexec/ftpd
>2.  [assuming a bourney shell]
>    $ export FTPD_INTERNAL_LS=true
>    $ make install clean
>
>hopefully now you have an ftpd with the 'ls' command built-in
>
>3.  include the following entry into your
>    desired login class in /etc/login.conf:
>      :ftp-chroot:
>
>4.  cap_mkdb /etc/login.conf
>
>now everyone with that login class will be chrooted into their home
>directory when they ftp into your machine.
>
>
>hope this helps
>
>-j
>
>
>
>erik writes:
> > 
> > is there a way to deny a registered user access to anything but his own
> > homedirectory?
> > 
> > it would be nice if it was the same as with anonymous access.. ie. users
> > who cwd to "/" , 
> > really enters the virtual ftp root instead of the real system root.
> > 
> > is this possible to do with _none anonymous_ users? 
> > 
> > for example:
> > 
> > in a normal setup, when user foo ftps to the system, the initial directory
> > will be
> > his homedirectory. when (for some reason) he cwd to "/" he will enter the
> > real system root.
> > can you limit him to only access his own stuff, ie. a cwd to / will bring
> > him to /home/fred.
> > 
> > any suggestions appreciated!
> > 
> > /erik
> > 
> > 
> > 
> > 
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
>
>-- 
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.0.32.19990425090124.0453b8e0>