Date: Fri, 12 Dec 2008 23:01:16 +0800 From: "Nguyen Tam Chinh" <unixvn@gmail.com> To: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: ftpd not chroot'ing Message-ID: <64b284310812120701tfcb5a51r6b8a293241f09af9@mail.gmail.com> In-Reply-To: <494162D7.4010500@gmail.com> References: <494162D7.4010500@gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Dec 12, 2008 at 2:58 AM, Gunther Mayer <gunther.mayer@googlemail.com> wrote: > Hi guys, > > I'm trying to set up a really simple, single account write only ftp service. > So I put > > ftpd_enable="YES" > ftpd_flags="-o -d" > > in my rc.conf and started the ftp server. Now I have a special password > enabled user account called "camera" (none of the other accounts have > passwords, all logins are either remote ssh with keys or local terminal > access with root) with login shell /bin/sh. > > So far so good. All I want to do now is now use the chroot facility of ftpd > so that when user "camera" logs in ftpd will chroot the session to its home > directory (/home/camera). man ftpd and man ftpchroot tells me to put > something like > > camera yes > > in /etc/ftpchroot. But once I do that I always get: > > $ ftp myserver.mydomain.com > Connected to myserver.mydomain.com > 220 myserver FTP server (Version 6.00LS) ready. > Name (mypc:test): camera > 331 Password required for camera. > Password: > 550 Can't change root. > Login failed. > ftp> quit > 221 Goodbye. > > If I disable that line in /etc/ftpchroot by commenting it out I can log in > perfectly fine though. Even debug log messages (-d) don't tell me anything > more than "can't change root" :-( > > The alternative as stated by "man ftpd" - putting a ":ftp-chroot=true:" in > /etc/login.conf and doing a cap_mkdb /etc/login.conf seems to make no > difference as no chroot is in effect (I can still cd .. and get to /home). > > What am I doing wrong? > > Gunther > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" > Try to put just username there, no need to put "yes". -- With best regards, Chinh Nguyen *********************************** FreeBSD - The Power to Serve
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?64b284310812120701tfcb5a51r6b8a293241f09af9>