From owner-freebsd-questions  Thu Aug 22 08:53:26 1996
Return-Path: owner-questions
Received: (from root@localhost)
          by freefall.freebsd.org (8.7.5/8.7.3) id IAA23388
          for questions-outgoing; Thu, 22 Aug 1996 08:53:26 -0700 (PDT)
Received: from defiant.vhm.com (defiant.vhm.com [206.109.100.194])
          by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id IAA23381
          for <questions@freebsd.org>; Thu, 22 Aug 1996 08:53:20 -0700 (PDT)
Received: from gowron ([206.109.110.61]) by defiant.vhm.com (8.6.12/8.6.12) with SMTP id KAA02834 for <questions@freebsd.org>; Thu, 22 Aug 1996 10:49:34 -0500
Message-Id: <2.2.32.19960822155041.00696d24@mailman.vhm.com>
X-Sender: jln@mailman.vhm.com
X-Mailer: Windows Eudora Pro Version 2.2 (32)
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Date: Thu, 22 Aug 1996 10:50:41 -0500
To: questions@freebsd.org
From: Joe Nieten <jln@vhm.com>
Subject: ftpd security problem
Sender: owner-questions@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

How can I prevent a user from roaming all over my system through ftp?  I
thought ftpd did a change root to keep users from getting out of their own
directories. The user is put in their home directory initially ... however
cd /etc puts them in that directory and downloading the password file is
only a key stroke away.

I just had a user that got ahold of my password file and sold the user ids
to a marketing company and now we are getting bombarded with unsolicited
e-mail.  I've eliminated the user ... :) ... but the problem still remains.


Thanks for any advice.
Joe