From owner-freebsd-isp Tue Jul 22 14:17:49 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id OAA29035 for isp-outgoing; Tue, 22 Jul 1997 14:17:49 -0700 (PDT) Received: from panda.hilink.com.au (panda.hilink.com.au [203.8.15.25]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id OAA29023 for ; Tue, 22 Jul 1997 14:17:34 -0700 (PDT) Received: (from danny@localhost) by panda.hilink.com.au (8.8.5/8.8.5) id HAA24364; Wed, 23 Jul 1997 07:16:30 +1000 (EST) Date: Wed, 23 Jul 1997 07:16:29 +1000 (EST) From: "Daniel O'Callaghan" To: Rick Morel cc: isp@FreeBSD.ORG Subject: Re: FTP Problem In-Reply-To: <2.2.32.19970722134430.00903ea0@mail.morelr.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG X-Loop: FreeBSD.org Precedence: bulk On Tue, 22 Jul 1997, Rick Morel wrote: > I'm running Wu-FTP and can't seem to find any real info, except for the > statement that it adds security. > > Anonymous FTP is fine. Here's my problem. Users can see anything on the > machine. I did do a "chmod 711" on the /home subdir, so "backing" up one > level hides that. Of course, someone can just "cd /home" and see everything. > > Surely there's a way to prevent users from seeing/downloading things outside > their home subdir???? In ftpaccess define a guestgroup, and list the users in that group in /etc/group. The user then has no access to /bin/ls, so you need to provide ~/bin/ls for each one. A better method is to get the srcs for the latest ftpd for FreeBSD, enable INTERNAL_LS (or whatever the macro is) and put the users into /etc/ftpchroot after reading the man page. Danny