From owner-freebsd-questions  Mon Aug 21 12:44: 7 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from diskfarm.firehouse.net (rdu25-12-043.nc.rr.com [24.25.12.43])
	by hub.freebsd.org (Postfix) with ESMTP id A35CD37B43C
	for <freebsd-questions@freebsd.org>; Mon, 21 Aug 2000 12:44:04 -0700 (PDT)
Received: (from abc@localhost)
	by diskfarm.firehouse.net (8.9.3/8.9.3) id TAA62470;
	Mon, 21 Aug 2000 19:43:51 GMT
	(envelope-from abc)
Date: Mon, 21 Aug 2000 19:43:51 +0000
From: Alan Clegg <abc@bsdi.com>
To: Bill Bunnell <bbunnell@tutsys.com>
Cc: freebsd-questions@freebsd.org
Subject: Re: Jailed environment for FTP users
Message-ID: <20000821194351.B62434@diskfarm.firehouse.net>
Mail-Followup-To: Alan Clegg <abc@bsdi.com>,
	Bill Bunnell <bbunnell@tutsys.com>, freebsd-questions@freebsd.org
References: <45BA125AAE48D311B03D00508B0CA96AC6CFB3@itsmail.tutsys.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.4i
In-Reply-To: <45BA125AAE48D311B03D00508B0CA96AC6CFB3@itsmail.tutsys.com>; from bbunnell@tutsys.com on Fri, Aug 18, 2000 at 10:15:16AM -0700
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Out of the ether, Bill Bunnell spewed forth the following bitstream:
> Can I have some help setting up a secure FTP environment.  What I am looking
> to do is have users log into my FTP server and then not be able to CD
> (change directory) back to Root.  I also do not want people to be able to
> upload files.
> 
> What files need to be edited and in what way?

'man ftpd' look for the section that reads in part:

           5.   If the user name appears in the file /etc/ftpchroot, or the
                user is a member of a group with a group entry in this file,
                i.e. one prefixed with `@', the session's root will be changed
                to the user's login directory by chroot(2) as for an
                ``anonymous'' or ``ftp'' account (see next item).  This facil-
                ity may also be triggered by enabling the boolean "ftp-chroot"
                capability in login.conf(5).  However, the user must still
                supply a password.  This feature is intended as a compromise
                between a fully anonymous account and a fully privileged ac-
                count.  The account should also be set up as for an anonymous
                account.

AlanC


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message