Date: Mon, 11 Oct 1999 16:30:10 -0500 (CDT)
From: James Wyatt
To: Ryan Thompson
Cc: freebsd-isp@freebsd.org
Subject: Re: Chroot and ~/bin, ~/etc. Better way?

We considered having all the ftpgroup users share ~/bin and ~/etc dirs
with linked copies of the files, but figured that if any one of them could
somehow find a way to update their /bin/ls or something, they could trojan
it for the others. They could also try cracking the other accounts if they
knew of them in the shared password file - though they wouldn't have the
crypted passwords. Obviously symlinks wouldn't work in a chroot()ed env.

We also couldn't think of anything better to support users changing their
own passwords than having /bin/passwd as their shell. EDI users usually
don't change their passwords often anyway...

Having something that copied a common one to all user dirsets in the
ftpuser group was the best we could think of at the time... - Jy@

On Mon, 11 Oct 1999, Ryan Thompson wrote:
> Hi everybody;

Hi Dr. Nick! (for Simpsons fans)

> If this message looks a tad familiar, I posted a similar one to -questions
> a couple of weeks ago or so. I'm just trying again :-)
>
> Basically, I'm just looking for an easier solution for maintaining the bin
> and etc directories in user directories. The ~/bin directory isn't bad,
> as global changes to these directories are seldom at best on my system.
> ~/etc, however, must be updated every time the password file is changed,
> and I update my (ftp)motd files semi-frequently, as well. The majority of
> my users have ftp accounts only, (thus, chroot is done by ftpd), but there
> are still a few with shell accounts.
>
> Is there a way to maintain ONE copy of /bin and /etc and have it apply to
> all chroot'd users? Perhaps I DO need to write a script to periodically
> sync the home directories' copies with my master copy. I would hope for a
> more elegant solution, though.
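
The concern raised in the reply above (hard-linked shared copies let one tampered file reach every user) and the copy-per-user approach it settles on, as an added example that is not part of the original thread. The directory layout and the function names sync_chroot and audit_chroot are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Assumed layout: MASTER holds the
# reference bin/ and etc/; USERDIR is one chroot()ed user's home directory.

# sync_chroot MASTER USERDIR
# Gives USERDIR a private copy of every master file. Copying to a temporary
# name and renaming over the target breaks any hard link (or symlink) left
# from a shared setup, so no two users ever share an inode.
sync_chroot() {
    master=$1 userdir=$2
    for sub in bin etc; do
        [ -d "$master/$sub" ] || continue
        mkdir -p "$userdir/$sub" && chmod go-w "$userdir/$sub" || return 1
        for src in "$master/$sub"/*; do
            [ -f "$src" ] || continue
            dst="$userdir/$sub/${src##*/}"
            # Leave files alone that already match and are private copies.
            if [ -f "$dst" ] && [ ! -L "$dst" ] && cmp -s "$src" "$dst" &&
               [ -z "$(find "$dst" -links +1)" ]; then
                continue
            fi
            cp -p "$src" "$dst.new.$$" && chmod go-w "$dst.new.$$" &&
                mv -f "$dst.new.$$" "$dst" || return 1
        done
    done
}

# audit_chroot MASTER USERDIR
# Prints one line per finding and returns 1 if there are any:
#   LINKED   regular file with more than one hard link
#   WRITABLE file or directory writable by group or others
#   DRIFT    file differs from the master copy, or has no master copy
audit_chroot() {
    master=$1 userdir=$2
    report=$(
        for sub in bin etc; do
            [ -d "$userdir/$sub" ] || continue
            find "$userdir/$sub" -type f -links +1 | sed 's/^/LINKED /'
            find "$userdir/$sub" ! -type l \( -perm -020 -o -perm -002 \) |
                sed 's/^/WRITABLE /'
            for f in "$userdir/$sub"/*; do
                [ -f "$f" ] || continue
                cmp -s "$master/$sub/${f##*/}" "$f" 2>/dev/null || echo "DRIFT $f"
            done
        done
    )
    [ -z "$report" ] && return 0
    printf '%s\n' "$report"
    return 1
}
```

Ownership of the per-user bin and etc directories is left to the administrator; the script only strips group and other write permission from what it creates.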