Date: Tue, 19 Dec 2000 12:59:47 -0500 (EST)
Message-Id: <200012191759.MAA98012@mail2.wmptl.com>
From: "Nathan Vidican"
To: "Jason Halbert"
Cc: questions@freebsd.org
Subject: Re: FTP only user

> Hi everyone:
>
> I need to create a user that has very restricted access to the system.
> I need to allow access to my ftp to a lot of people but these people
> don't need access to telnet or ssh or any other service on my box. I
> would like to limit the user that way, as well as another way. I
> would also like to limit the user in what they can see. Is it
> possible to not allow the user to cd out of its home directory? I
> don't want them seeing anything outside of that dir if possible.
>
> Any ideas on how to get started?
>
> Thanks in Advance
>
> ---
> -------------------------------------------------------
> | Jason P. Halbert                 | res02jw5@gte.net |
> | Transmitter Maintenance Engineer | DALnet: Push^Pop |
> | KC5WEG                           | ICQ#: 86637300   |
> | KDAF-TV WB 33                    | (214) 252-3300   |
> | KDTX-TV 58                       | (972) 399-0058   |
> -------------------------------------------------------
> | Fortune favors the well prepared.                   |
> | http://jason-n3xt.org                               |
> -------------------------------------------------------

To limit the users ONLY to their home directory and above, you must simply
chroot them. Edit /etc/ftpchroot, add the users (one per line) to this file
to accomplish this. If the users don't already exist, I'd highly recommend
creating a new group, and assigning all of said users to this group, and
then just add that group to /etc/ftpchroot. You might also want to read
'man ftpd', it will tell you about all of this stuff.

As far as limiting the users from being able to telnet/ssh, unfortunately,
(as far as I know anyhow), a user must have a valid shell in order for ftpd
to authenticate said user. I usually just their login scripts and make them
so the user cannot change them so as to log them out immediately if they
attempt telnet/rlogin/ssh logins.

Again, highly suggest you try reading the manpage for ftpd, (type in:
'man ftpd' at the command prompt).

--
Nathan Vidican
webmaster@wmptl.com
Windsor Match Plate & Tool Ltd.
http://www.wmptl.com/
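
Added example (not part of the original message): a POSIX sh check for which accounts an ftpchroot-style file actually confines, useful for verifying /etc/ftpchroot after adding users or a group as described above. It assumes one entry per line, with group entries written as @groupname as in FreeBSD's ftpchroot(5); the function names and the sample account name are hypothetical.

```sh
#!/bin/sh
# Added example, not code from the original post.
# Assumed file format: one user name or @groupname per line,
# blank lines and lines starting with '#' ignored.

# ftpchroot_covers FILE USER [GROUP ...]
# Returns 0 if USER (or one of its GROUPs) is listed in FILE,
#         1 if not listed, 2 if FILE cannot be read.
ftpchroot_covers() {
    file=$1 user=$2
    shift 2
    [ -r "$file" ] || return 2
    # "|| [ -n ... ]" handles a final line with no trailing newline.
    while read -r entry rest || [ -n "$entry" ]; do
        case $entry in
            '' | '#'*) ;;                       # blank line or comment
            @*)                                 # group entry
                for g in "$@"; do
                    if [ "@$g" = "$entry" ]; then return 0; fi
                done ;;
            *)                                  # user entry
                if [ "$entry" = "$user" ]; then return 0; fi ;;
        esac
    done < "$file"
    return 1
}

# unconfined_accounts FILE
# Reads "user group1 group2 ..." lines on stdin and prints every user
# that FILE does not confine. An unreadable FILE reports every account.
unconfined_accounts() {
    chrootfile=$1
    while read -r acct groups; do
        [ -n "$acct" ] || continue
        # $groups is left unquoted on purpose: one argument per group.
        ftpchroot_covers "$chrootfile" "$acct" $groups || printf '%s\n' "$acct"
    done
}

# On a live system (ftpuser1 is a hypothetical account name):
#   ftpchroot_covers /etc/ftpchroot ftpuser1 $(id -Gn ftpuser1) \
#       || echo "ftpuser1 is NOT chrooted"
```

Any name printed by `unconfined_accounts` is an FTP account that can still walk the whole filesystem.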