Date: Tue, 27 Nov 2001 02:56:08 -0500
From: "Mit Rowe" <mitayai@dreamlabs.com>
To: "FreeBSD-Stable" <freebsd-stable@freebsd.org>
Cc: "Chat@Gtabug. Org" <chat@gtabug.org>
Subject: ftpd, login.access and ftp-chroot
Message-ID: <DBEMKGPNFGOGJHLMDNDJGEKJECAA.mitayai@dreamlabs.com>

Hi, folks...

I'm having some problems that I'm hoping someone here could help me with...

Environment:
-Production machine, heavy use
-FreeBSD 4.4-STABLE (fairly recent, <1 week old)
-Stock ftpd as shipped in inetd.conf as ftpd -l -l

I'm trying to set the chroot()'ing of FTP users without using /etc/ftpchroot. "Why?" is a complicated reason, so the short answer is basically "Because the man page seems to say that I can." ;-) (If you want the long answer, feel free to ask)

The ftpd man page indicates that if I set the boolean 'ftp-chroot' in /etc/login.conf then I should be able to accomplish a ftp chroot() for users in the class in which this is defined.

So, I edited the login.conf template from /usr/src/etc to insert this.

*** /usr/src/etc/login.conf Sat Oct 20 17:35:56 2001 --- /etc/login.conf Tue Nov 27 02:00:49 2001 *************** *** 46,51 **** --- 46,54 ---- # standard:\ :tc=default: + web:\ + :ftp-chroot=yes:\ + :tc=default: xuser:\ :tc=default: staff:\

I then ran:

    cap_mkdb /etc/login.conf

and then used chfn to set the "test" account's class to 'web'

I ftp in as the test account, and I change to the root with "cd /" and "ls" and, at this point I should only see the files in the test account's home directory.

Problem is, the directory listing is the server's root.

I've run the experiment through a few times, with the same results, so I figure either:

a) I'm missing something, am mis-reading something, or just haven't had enough sleep yet. (Quite possible),
b) there is a bug somewhere,
c) I'm reading deprecated / mis-documented man pages
d) the existence of my existing /etc/ftpchroot file is complicating things. (This is not a sterile lab environment, and I don't have access to one right this moment).

The standard way of chroot()'ing ftp logins is with the /etc/ftpchroot file, and during the course of this experiment, this file does exist on the server. It has one line "@clients" which chroot()'s ftp logins of everyone in that group, and is functioning as expected.

I realize that to do this experiment properly I should try both with and without this file, but it's a production machine I'm playing with here and I'll have to wait a few hours before attempting that, else all hell will break loose ;-)

Any insight or testing in another environment would be appreciated...

Cheers,
Mit

___________________________________________________________
Mit Rowe (Will Mitayai Keeso Rowe)    Internet Services
DreamLabs/Branch Media Inc.           ph: 416.323.0840 ext. 262
260 Richmond St. East Suite 200       fax: 416.323.0894
Toronto, Ontario M5A 1P4              icq: 7161728
Canada                                mit@dreamlabs.com / mit@branchmedia.com
___________________________________________________________

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
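
Review bot: In the added `web` class of the login.conf hunk, `:ftp-chroot=yes:\` assigns a value to a capability that the message itself calls a boolean. In login.conf(5) a boolean is true when the bare name is present and false when it is absent, so an entry written with `=yes` is a string-typed capability that a boolean lookup does not match, and the class behaves as if the flag were unset. Suggest writing the line as `:ftp-chroot:\`, rerunning cap_mkdb, and confirming that the test account's class field really is `web` before retesting, since the existing /etc/ftpchroot `@clients` entry can otherwise mask the result for any user in that group.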