Date: Sun, 25 Apr 1999 09:02:41 -0600 From: Brett Glass <brett@lariat.org> To: John Preisler <john@vapornet.net>, erik <erik@chapman.karlskrona.se> Cc: freebsd-security@FreeBSD.ORG Subject: Re: limit ftp users to their homedir Message-ID: <4.2.0.32.19990425090124.0453b8e0@localhost> In-Reply-To: <14114.53550.598471.753465@habanero.chili-pepper.net> References: <3.0.6.32.19990425001944.00904430@chapman.karlskrona.se> <3.0.6.32.19990425001944.00904430@chapman.karlskrona.se>
next in thread | previous in thread | raw e-mail | index | archive | help
Note that if you don't have the full OS source on your system, you can bring in JUST the sources for ftpd and ls. This is what I frequently do when building ftpd. (Having an internal ls really should be the default, IMHO.) --Brett At 03:32 AM 4/25/99 -0500, John Preisler wrote: >I cant find the request I just got for this info, but in order to have >this capability from login.conf(5) what you need to do is: > >1. cd into src/libexec/ftpd >2. [assuming a bourney shell] > $ export FTPD_INTERNAL_LS=true > $ make install clean > >hopefully now you have an ftpd with the 'ls' command built-in > >3. include the following entry into your > desired login class in /etc/login.conf: > :ftp-chroot: > >4. cap_mkdb /etc/login.conf > >now everyone with that login class will be chrooted into their home >directory when they ftp into your machine. > > >hope this helps > >-j > > > >erik writes: > > > > is there a way to deny a registered user access to anything but his own > > homedirectory? > > > > it would be nice if it was the same as with anonymous access.. ie. users > > who cwd to "/" , > > really enters the virtual ftp root instead of the real system root. > > > > is this possible to do with _none anonymous_ users? > > > > for example: > > > > in a normal setup, when user foo ftps to the system, the initial directory > > will be > > his homedirectory. when (for some reason) he cwd to "/" he will enter the > > real system root. > > can you limit him to only access his own stuff, ie. a cwd to / will bring > > him to /home/fred. > > > > any suggestions appreciated! > > > > /erik > > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > >-- > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4.2.0.32.19990425090124.0453b8e0>