Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 22 Aug 1996 18:02:00 -0600 (MDT)
From:      Dave Andersen <>
To: (Joe Nieten)
Cc:        questions@FreeBSD.ORG
Subject:   Re: ftpd security problem
Message-ID:  <>
In-Reply-To: <> from Joe Nieten at "Aug 22, 96 10:50:41 am"

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
wuftpd will do a chroot() to their directory if you set their home 
directory up as something like:


-- it'll chroot to /home before allowing the user access.

I believe that's all explained in the wuftpd man pages, but I could be wrong.

   -Dave Andersen

Lo and behold, Joe Nieten once said:
> How can I prevent a user from roaming all over my system through ftp?  I
> thought ftpd did a change root to keep users from getting out of their own
> directories. The user is put in their home directory initially ... however
> cd /etc puts them in that directory and downloading the password file is
> only a key stroke away.
> I just had a user that got ahold of my password file and sold the user ids
> to a marketing company and now we are getting bombarded with unsolicited
> e-mail.  I've eliminated the user ... :) ... but the problem still remains.
> Thanks for any advice.
> Joe

--                Complete virtual hosting and business-oriented
system administration         Internet services.  (WWW, FTP, email)
  "There are only two industries that refer to their customers as 'users'."

Want to link to this message? Use this URL: <>