From owner-freebsd-stable@FreeBSD.ORG Thu Jan 5 16:35:53 2012 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 66D44106564A for ; Thu, 5 Jan 2012 16:35:53 +0000 (UTC) (envelope-from m.seaman@infracaninophile.co.uk) Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) by mx1.freebsd.org (Postfix) with ESMTP id C15948FC08 for ; Thu, 5 Jan 2012 16:35:52 +0000 (UTC) Received: from seedling.black-earth.co.uk (seedling.black-earth.co.uk [IPv6:2001:8b0:151:1:fa1e:dfff:feda:c0bb]) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.5/8.14.5) with ESMTP id q05GZmCC082689 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for ; Thu, 5 Jan 2012 16:35:49 GMT (envelope-from m.seaman@infracaninophile.co.uk) X-DKIM: OpenDKIM Filter v2.4.1 smtp.infracaninophile.co.uk q05GZmCC082689 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=infracaninophile.co.uk; s=201001-infracaninophile; t=1325781349; bh=CLRaF6F9trsDcgnDKodneWehe/o8z3E8f+m67Gyph9Q=; h=Message-ID:Date:From:MIME-Version:To:Subject:References: In-Reply-To:Content-Type:Cc; b=l5tX2xvfgn7CgiDPlGHZIFznAEdoK4tl3feOzOmKx+QPgfwNFcqAQKGgHm9EtCUmR E638SC83Yw6dzNDUEnG/HrNQ8LUz7k6DKrRecTJyWGItgrtO35Dcl3NxYxBRZkM8uI 5PuC3SUJ5kVlxUruH9Ng751j0UDhzx3VCWTi7GsI= Message-ID: <4F05D15E.3000604@infracaninophile.co.uk> Date: Thu, 05 Jan 2012 16:35:42 +0000 From: Matthew Seaman User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:9.0) Gecko/20111222 Thunderbird/9.0.1 MIME-Version: 1.0 To: freebsd-stable@freebsd.org References: <4F059BEA.3000508@denninger.net> <4F05A7D5.8000403@infracaninophile.co.uk> <20120105153724.GA91242@lyxys.ka.sub.org> In-Reply-To: <20120105153724.GA91242@lyxys.ka.sub.org> X-Enigmail-Version: 1.3.4 OpenPGP: id=60AE908C Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="------------enigD6DECB2A5BB37CAFDCC39057" X-Virus-Scanned: clamav-milter 0.97.3 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-2.5 required=5.0 tests=ALL_TRUSTED,AWL,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU autolearn=ham version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on lucid-nonsense.infracaninophile.co.uk Subject: Re: FTPS Server? X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 05 Jan 2012 16:35:53 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enigD6DECB2A5BB37CAFDCC39057 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 05/01/2012 15:37, Wolfgang Zenker wrote: > Well, the problem I have here is at the server side: ftp users can be > locked in a particular subtree of the file system by simply assigning > them a chrooted login class. No need to setup any infrastructure in > that subtree itself. Did not find out how to do this with sftp (we only= > allow publickey authentication with ssh at our servers) shells/scponly has an OPTION for that -- chroot'ing a user to their home directory -- but you'll need to setup some extra stuff in each user account. Happily the port comes with a rc script that does that for you.= Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matthew@infracaninophile.co.uk Kent, CT11 9PW --------------enigD6DECB2A5BB37CAFDCC39057 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.16 (Darwin) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk8F0WQACgkQ8Mjk52CukIw8dgCfaLCTdAVmLooq/b2M7DwJk+RF smEAnRoUCOtR1/266tHR2NCnS/4z2rcZ =m4a/ -----END PGP SIGNATURE----- --------------enigD6DECB2A5BB37CAFDCC39057--