Date: Sun, 25 Apr 1999 09:02:41 -0600
To: John Preisler, erik
From: Brett Glass
Subject: Re: limit ftp users to their homedir
Cc: freebsd-security@FreeBSD.ORG

Note that if you don't have the full OS source on your system, you can
bring in JUST the sources for ftpd and ls. This is what I frequently
do when building ftpd. (Having an internal ls really should be the
default, IMHO.)

--Brett

At 03:32 AM 4/25/99 -0500, John Preisler wrote:
>I can't find the request I just got for this info, but in order to have
>this capability from login.conf(5) what you need to do is:
>
>1. cd into src/libexec/ftpd
>2. [assuming a bourney shell]
>   $ export FTPD_INTERNAL_LS=true
>   $ make install clean
>
>hopefully now you have an ftpd with the 'ls' command built-in
>
>3. include the following entry into your
>   desired login class in /etc/login.conf:
>      :ftp-chroot:
>
>4. cap_mkdb /etc/login.conf
>
>now everyone with that login class will be chrooted into their home
>directory when they ftp into your machine.
>
>
>hope this helps
>
>-j
>
>
>
>erik writes:
> >
> > is there a way to deny a registered user access to anything but his own
> > home directory?
> >
> > it would be nice if it was the same as with anonymous access.. ie. users
> > who cwd to "/",
> > really enters the virtual ftp root instead of the real system root.
> >
> > is this possible to do with _non-anonymous_ users?
> >
> > for example:
> >
> > in a normal setup, when user foo ftps to the system, the initial directory
> > will be
> > his home directory. when (for some reason) he cwd to "/" he will enter the
> > real system root.
> > can you limit him to only access his own stuff, ie. a cwd to / will bring
> > him to /home/fred.
> >
> > any suggestions appreciated!
> >
> > /erik
> >
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
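
Added example, not part of the original messages: a shell check for which accounts the login.conf procedure quoted above would confine, that is, whose login class carries ftp-chroot. The function names, the sample classes (ftponly, staff) and the sample accounts are constructed, and the login.conf parsing is a simplified reading of the format (backslash continuations, tc= inheritance and "cap@" cancellation only).

```shell
# Added example, not from the thread. Simplified login.conf(5) reader: joins
# backslash continuations, follows tc=, lets "ftp-chroot@" cancel; no aliases.
# class_has_ftp_chroot LOGIN_CONF CLASS -> exit status 0 if CLASS sets it
class_has_ftp_chroot() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }       # comments, blank lines
        {
            sub(/^[ \t]+/, "")
            more = sub(/\\$/, "")               # trailing backslash: continues
            rec = rec $0
            if (more) next
            split(rec, f, ":"); caps[f[1]] = rec; rec = ""
        }
        END {
            # Child fields are read before the tc= parent; 16 hops bounds cycles.
            for (cls = want; hops++ < 16 && (cls in caps); cls = parent) {
                n = split(caps[cls], f, ":"); parent = ""
                for (i = 2; i <= n; i++) {
                    if (f[i] == "ftp-chroot")  exit 0
                    if (f[i] == "ftp-chroot@") exit 1
                    if (f[i] ~ /^tc=/) parent = substr(f[i], 4)
                }
            }
            exit 1
        }' "$1"
}
# ftp_chroot_users LOGIN_CONF MASTER_PASSWD -> one login name per line
# (class is the fifth master.passwd field; empty means "default")
ftp_chroot_users() {
    while IFS=: read -r user _pw _uid _gid class _rest; do
        if class_has_ftp_chroot "$1" "${class:-default}"; then
            printf '%s\n' "$user"
        fi
    done < "$2"
}
# Constructed sample data, not taken from a real system.
demo=$(mktemp -d)
cat > "$demo/login.conf" <<'EOF'
default:umask=022:
ftponly:\
    :ftp-chroot:\
    :tc=default:
staff:ftp-chroot@:tc=ftponly:
EOF
cat > "$demo/master.passwd" <<'EOF'
root:*:0:0::0:0:Charlie Root:/root:/bin/sh
erik:*:1001:1001:ftponly:0:0:Erik:/home/erik:/bin/sh
john:*:1003:1003:staff:0:0:John:/home/john:/bin/sh
EOF
ftp_chroot_users "$demo/login.conf" "$demo/master.passwd"
```

Accounts the script does not list (here root, in the default class, and john, whose class cancels the capability) would still reach the real system root over FTP under this configuration.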