Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 22 Aug 1996 18:02:00 -0600 (MDT)
From:      Dave Andersen <angio@aros.net>
To:        jln@vhm.com (Joe Nieten)
Cc:        questions@FreeBSD.ORG
Subject:   Re: ftpd security problem
Message-ID:  <199608230002.SAA04608@shell.aros.net>
In-Reply-To: <2.2.32.19960822155041.00696d24@mailman.vhm.com> from Joe Nieten at "Aug 22, 96 10:50:41 am"

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
wuftpd will do a chroot() to their directory if you set their home 
directory up as something like:

/home/./a/angio

-- it'll chroot to /home before allowing the user access.

I believe that's all explained in the wuftpd man pages, but I could be wrong.

   -Dave Andersen

Lo and behold, Joe Nieten once said:
> How can I prevent a user from roaming all over my system through ftp?  I
> thought ftpd did a change root to keep users from getting out of their own
> directories. The user is put in their home directory initially ... however
> cd /etc puts them in that directory and downloading the password file is
> only a key stroke away.
> 
> I just had a user that got ahold of my password file and sold the user ids
> to a marketing company and now we are getting bombarded with unsolicited
> e-mail.  I've eliminated the user ... :) ... but the problem still remains.
> 
> 
> Thanks for any advice.
> Joe
> 


-- 
angio@aros.net                Complete virtual hosting and business-oriented
system administration         Internet services.  (WWW, FTP, email)
http://www.aros.net/          http://www.aros.net/about/virtual
  "There are only two industries that refer to their customers as 'users'."




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?199608230002.SAA04608>