From owner-freebsd-questions@FreeBSD.ORG  Sun Sep 24 19:25:47 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9CA3716A407
	for <freebsd-questions@freebsd.org>;
	Sun, 24 Sep 2006 19:25:47 +0000 (UTC)
	(envelope-from corwin@aeternal.net)
Received: from amber.aeternal.net (amber.aeternal.net [212.232.17.148])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 25F4C43D45
	for <freebsd-questions@freebsd.org>;
	Sun, 24 Sep 2006 19:25:47 +0000 (GMT)
	(envelope-from corwin@aeternal.net)
Received: from localhost (localhost.aeternal.net [127.0.0.1])
	by amber.aeternal.net (Postfix) with ESMTP id BE36FB995;
	Sun, 24 Sep 2006 21:26:17 +0200 (CEST)
X-Virus-Scanned: by amavisd-new at aeternal.net
Received: from amber.aeternal.net ([127.0.0.1])
	by localhost (amber.aeternal.net [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id C4eYp4DmE2xe; Sun, 24 Sep 2006 21:26:17 +0200 (CEST)
Received: from [127.0.0.1] (chello089173027168.chello.sk [89.173.27.168])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by amber.aeternal.net (Postfix) with ESMTP id D89ADB97B;
	Sun, 24 Sep 2006 21:26:16 +0200 (CEST)
Message-ID: <4516DBB6.3020701@aeternal.net>
Date: Sun, 24 Sep 2006 21:25:42 +0200
From: Martin Hudec <corwin@aeternal.net>
User-Agent: Thunderbird 1.5.0.7 (Windows/20060909)
MIME-Version: 1.0
To: Matt Juszczak <matt@atopia.net>
References: <20060924150810.H68311@saturn.atopia.net>
In-Reply-To: <20060924150810.H68311@saturn.atopia.net>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-questions@freebsd.org
Subject: Re: Restricting access to home directory
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: corwin@aeternal.net
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Sep 2006 19:25:47 -0000

Hello Matt,

Matt Juszczak wrote:
> Hi all,
> 
> I would like to give a user access to my box via some kind of FTP but 
> restrict him to his home directory.
> 
> I have seen scponlyc, which supposedly can do this, but can't seem to 
> get it working.
> 
> I have also read up on protftpd + ssl, and configuring it to lock users 
> into their home directories.
> 
> What would all of you recommend as a viable secure solution to this?

First of all, scp (scponly) is not a FTP service. Nevertheless both 
options are just fine. Proftpd is able to "jail" users inside their dirs.

Settings required in proftpd.conf:

DefaultRoot ~ [group]

where ~ are their specified homedirs and group is optional (members of 
that group will be jailed to their homedirs, others will be able to 
browse everywhere, if group is not used, everybody using proftpd will be 
jailed).

Martin