Date: Thu, 11 Dec 2008 20:58:31 +0200
From: Gunther Mayer <gunther.mayer@googlemail.com>
To: freebsd-questions@freebsd.org
Subject: ftpd not chroot'ing
Message-ID: <494162D7.4010500@gmail.com>
Hi guys,

I'm trying to set up a really simple, single account write only ftp service. So I put

    ftpd_enable="YES"
    ftpd_flags="-o -d"

in my rc.conf and started the ftp server.

Now I have a special password enabled user account called "camera" (none of the other accounts have passwords, all logins are either remote ssh with keys or local terminal access with root) with login shell /bin/sh. So far so good.

All I want to do now is use the chroot facility of ftpd so that when user "camera" logs in ftpd will chroot the session to its home directory (/home/camera). man ftpd and man ftpchroot tell me to put something like

    camera yes

in /etc/ftpchroot. But once I do that I always get:

    $ ftp myserver.mydomain.com
    Connected to myserver.mydomain.com
    220 myserver FTP server (Version 6.00LS) ready.
    Name (mypc:test): camera
    331 Password required for camera.
    Password:
    550 Can't change root.
    Login failed.
    ftp> quit
    221 Goodbye.

If I disable that line in /etc/ftpchroot by commenting it out I can log in perfectly fine though. Even debug log messages (-d) don't tell me anything more than "can't change root" :-(

The alternative as stated by "man ftpd" - putting a ":ftp-chroot=true:" in /etc/login.conf and doing a cap_mkdb /etc/login.conf seems to make no difference as no chroot is in effect (I can still cd .. and get to /home).

What am I doing wrong?

Gunther
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?494162D7.4010500>
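Added example, not part of the original message and not FreeBSD's own code: a small checker that resolves an /etc/ftpchroot line the way ftpchroot(5) documents it, where the optional second field is a pathname (relative ones are taken from the login directory, and only the left side of a "/./" separator is the chroot directory), so a line such as "camera yes" points at a "yes" directory under the home directory. The function names, the temporary directory layout and the sample lines are constructed for illustration, and the sketch covers only user and @group lines.

```python
import os
import tempfile


def chroot_root(ftpchroot_text, user, home, groups=()):
    """Return the directory the first matching line selects, or None."""
    for raw in ftpchroot_text.splitlines():
        if raw.lstrip().startswith("#"):
            continue                      # commented-out line
        fields = raw.split()              # fields are separated by tabs or spaces
        if not fields:
            continue
        name = fields[0]
        if name.startswith("@"):
            if name[1:] not in groups:    # @group line: match on membership
                continue
        elif name != user:
            continue
        # Second field omitted: the user's login directory is used.
        path = fields[1] if len(fields) > 1 else home
        root = path.split("/./", 1)[0]    # left side of "/./" is the chroot dir
        if not os.path.isabs(root):
            root = os.path.join(home, root)   # relative to the login directory
        return os.path.normpath(root)
    return None


def check(ftpchroot_text, user, home, groups=()):
    """Report whether the resolved chroot target exists as a directory."""
    root = chroot_root(ftpchroot_text, user, home, groups)
    if root is None:
        return "no chroot entry for " + user
    if not os.path.isdir(root):
        return "chroot target missing: " + root
    return "ok: " + root


def demo():
    # Constructed layout: a throwaway home directory standing in for /home/camera.
    with tempfile.TemporaryDirectory() as base:
        home = os.path.join(base, "home", "camera")
        os.makedirs(home)
        samples = ("camera yes\n", "camera\n", "#camera yes\n")
        return [check(text, "camera", home).split(":")[0] for text in samples]


if __name__ == "__main__":
    for result in demo():
        print(result)
```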