Skip site navigation (1)Skip section navigation (2) 
Date:      Sun, 25 Apr 1999 03:32:27 -0500 (CDT)
From:      John Preisler <john@vapornet.net>
To:        erik <erik@chapman.karlskrona.se>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: limit ftp users to their homedir
Message-ID:  <14114.53550.598471.753465@habanero.chili-pepper.net>
In-Reply-To: <3.0.6.32.19990425001944.00904430@chapman.karlskrona.se>
References:  <3.0.6.32.19990425001944.00904430@chapman.karlskrona.se>
next in thread | previous in thread | raw e-mail | index | archive | help 



I cant find the request I just got for this info, but in order to have 
this capability from login.conf(5) what you need to do is:

1.  cd into src/libexec/ftpd
2.  [assuming a bourney shell]
    $ export FTPD_INTERNAL_LS=true
    $ make install clean

hopefully now you have an ftpd with the 'ls' command built-in

3.  include the following entry into your
    desired login class in /etc/login.conf:
      :ftp-chroot:

4.  cap_mkdb /etc/login.conf

now everyone with that login class will be chrooted into their home
directory when they ftp into your machine.


hope this helps

-j



erik writes:
 > 
 > is there a way to deny a registered user access to anything but his own
 > homedirectory?
 > 
 > it would be nice if it was the same as with anonymous access.. ie. users
 > who cwd to "/" , 
 > really enters the virtual ftp root instead of the real system root.
 > 
 > is this possible to do with _none anonymous_ users? 
 > 
 > for example:
 > 
 > in a normal setup, when user foo ftps to the system, the initial directory
 > will be
 > his homedirectory. when (for some reason) he cwd to "/" he will enter the
 > real system root.
 > can you limit him to only access his own stuff, ie. a cwd to / will bring
 > him to /home/fred.
 > 
 > any suggestions appreciated!
 > 
 > /erik
 > 
 > 
 > 
 > 
 > 
 > To Unsubscribe: send mail to majordomo@FreeBSD.org
 > with "unsubscribe freebsd-security" in the body of the message

-- 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?14114.53550.598471.753465>