From: Mike Meyer
Date: Sun, 27 May 2001 12:17:11 -0500
To: "Lim Seng Chor"
Cc: questions@freebsd.org, jbiquez@icsmx.com
Subject: Re: Advice on ISP services Please.
Message-ID: <15121.13975.857231.124547@guru.mired.org>

Lim Seng Chor types:
> On 27 May 2001, at 9:14, Mike Meyer wrote:
>
> > Lim Seng Chor types:
> > > On 26 May 2001, at 23:01, Jorge Biquez wrote:
> > >
> > > > - How to restrict the access of FTP to only the specified
> > > > directory of the user. And that they can not see other users'
> > > > directories.
> > >
> > > try looking for chroot'ed ftp
> > > (http://ftp.eenet.ee/LDP/HOWTO/mini/FTP-6.html) or play around
> > > with file/directory permission (if you know how to play with
> > > r, w, and x)
> >
> > chroot also keeps them out of system directories. You can use group
> > permissions to keep them out of other users' directories by putting
> > each user in their own group, and making the directory owned by the
> > group that the public servers run as, mode 750. You can't use
> > file/directory permissions to shut users out of the rest of the
> > system.
>
> chown -R root.wheel /usr
> chmod 700 /usr
> chmod 700 /var
> chmod 711 /etc
> chmod 711 /

You've just made the system unusable to normal users - nothing in
/usr/bin, /usr/local, and so on can be used by anyone but root. This
is not good.

> place the necessary binaries (compiled with static library) in
> /home (not /usr/home), and do chroot..since it is only allowed for ftp
> access.

If you're going to copy binaries and chroot, there's no need to play
with the permissions at all. chroot restricts users to the subtree
chrooted to, all by itself.

--
http://www.mired.org/home/mwm/
Independent WWW/Perforce/FreeBSD/Unix consultant, email for more information.
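
An added example, not part of the original message: a small sh script that checks the two permission points made in the reply above, namely that mode 750 hides a user directory from everyone outside its group, and that mode 700 on a system directory locks ordinary users out. The function names and the sandbox layout are assumptions made up for this illustration; it inspects only the "other" permission bits and changes nothing outside a temporary directory.

```sh
#!/bin/sh
# Added example: constructed sandbox, hypothetical function names.

# other_bits DIR: print the three "other" permission characters of DIR
# (columns 8-10 of the ls -l mode string, e.g. "r-x" or "---").
other_bits() {
    ls -ld "$1" | cut -c8-10
}

# exposed_homes ROOT: list user directories under ROOT that accounts
# outside the owning user and group can still list, enter or write.
exposed_homes() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue
        d=${d%/}
        [ "$(other_bits "$d")" = "---" ] || printf '%s\n' "${d##*/}"
    done
}

# system_dir_usable DIR: succeed if ordinary users can traverse DIR.
# "chmod 700 /usr" clears this bit, which is what breaks /usr/bin.
system_dir_usable() {
    case "$(other_bits "$1")" in
        ??[xt]) return 0 ;;   # x, or t (sticky plus x)
        *)      return 1 ;;
    esac
}

# make_sandbox: build a constructed tree and print its path.
make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir -p "$sb/home/alice" "$sb/home/bob" "$sb/usr/bin"
    chmod 750 "$sb/home/alice"   # layout suggested in the message
    chmod 755 "$sb/home/bob"     # visible to every other user
    chmod 700 "$sb/usr"          # the lockdown the reply warns about
    printf '%s\n' "$sb"
}

sb=$(make_sandbox)
echo "exposed user directories: $(exposed_homes "$sb/home")"
system_dir_usable "$sb/usr" || echo "usr: normal users are locked out"
rm -rf "$sb"
```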