From: Gunther Mayer
To: freebsd-questions@freebsd.org
Date: Thu, 11 Dec 2008 20:58:31 +0200
Subject: ftpd not chroot'ing
Message-ID: <494162D7.4010500@gmail.com>

Hi guys,

I'm trying to set up a really simple, single-account, write-only ftp service. So I put

    ftpd_enable="YES"
    ftpd_flags="-o -d"

in my rc.conf and started the ftp server. Now I have a special password-enabled user account called "camera" (none of the other accounts have passwords, all logins are either remote ssh with keys or local terminal access with root) with login shell /bin/sh. So far so good.

All I want to do now is use the chroot facility of ftpd so that when user "camera" logs in, ftpd will chroot the session to its home directory (/home/camera). man ftpd and man ftpchroot tell me to put something like

    camera yes

in /etc/ftpchroot. But once I do that I always get:

    $ ftp myserver.mydomain.com
    Connected to myserver.mydomain.com
    220 myserver FTP server (Version 6.00LS) ready.
    Name (mypc:test): camera
    331 Password required for camera.
    Password:
    550 Can't change root.
    Login failed.
    ftp> quit
    221 Goodbye.

If I disable that line in /etc/ftpchroot by commenting it out I can log in perfectly fine though.
Even debug log messages (-d) don't tell me anything more than "can't change root" :-(

The alternative as stated by "man ftpd" - putting a ":ftp-chroot=true:" in /etc/login.conf and doing a cap_mkdb /etc/login.conf seems to make no difference as no chroot is in effect (I can still cd .. and get to /home).

What am I doing wrong?

Gunther
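An added example, not part of the original message: ftpchroot(5) documents the optional second field of each line as a directory (taken relative to the user's home unless it is absolute, with "/./" separating the chroot directory from the directory to change to afterwards), so this sketch resolves entries that way and reports whether the chroot target exists. The function names, the single `home` argument (a simplification for @group lines) and the temporary directory standing in for /home/camera are assumptions made for illustration.

```python
import os
import tempfile


def resolve_entry(line, home):
    """Resolve one /etc/ftpchroot line to (name, chroot_dir).

    Returns None for blank lines and lines starting with '#'
    (assumption: only whole-line comments are recognised).
    """
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    fields = line.split()
    name = fields[0]                          # user name or @group
    # Second field omitted -> the user's home directory is the chroot.
    target = fields[1] if len(fields) > 1 else home
    if not target.startswith("/"):
        target = os.path.join(home, target)   # relative -> under home
    # Text after "/./" is the post-chroot working directory, not the root.
    return name, target.split("/./", 1)[0]


def audit(ftpchroot_text, home):
    """Return (name, chroot_dir, 'ok' | 'missing') for every entry."""
    findings = []
    for line in ftpchroot_text.splitlines():
        entry = resolve_entry(line, home)
        if entry is None:
            continue
        name, root = entry
        status = "ok" if os.path.isdir(root) else "missing"
        findings.append((name, root, status))
    return findings


if __name__ == "__main__":
    # Constructed sample: a temp dir plays the role of /home/camera.
    with tempfile.TemporaryDirectory() as home:
        sample = "# constructed sample\ncamera yes\ncamera\ncamera /nonexistent-x/./in\n"
        for name, root, status in audit(sample, home):
            print(f"{name:8} {root:40} {status}")
```

Run against the real file and the account's home directory, a "missing" result marks an entry whose chroot directory does not exist on disk.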