Date: Thu, 22 Aug 1996 18:02:00 -0600 (MDT) From: Dave Andersen <angio@aros.net> To: jln@vhm.com (Joe Nieten) Cc: questions@FreeBSD.ORG Subject: Re: ftpd security problem Message-ID: <199608230002.SAA04608@shell.aros.net> In-Reply-To: <2.2.32.19960822155041.00696d24@mailman.vhm.com> from Joe Nieten at "Aug 22, 96 10:50:41 am"
next in thread | previous in thread | raw e-mail | index | archive | help
wuftpd will do a chroot() to their directory if you set their home directory up as something like: /home/./a/angio -- it'll chroot to /home before allowing the user access. I believe that's all explained in the wuftpd man pages, but I could be wrong. -Dave Andersen Lo and behold, Joe Nieten once said: > How can I prevent a user from roaming all over my system through ftp? I > thought ftpd did a change root to keep users from getting out of their own > directories. The user is put in their home directory initially ... however > cd /etc puts them in that directory and downloading the password file is > only a key stroke away. > > I just had a user that got ahold of my password file and sold the user ids > to a marketing company and now we are getting bombarded with unsolicited > e-mail. I've eliminated the user ... :) ... but the problem still remains. > > > Thanks for any advice. > Joe > -- angio@aros.net Complete virtual hosting and business-oriented system administration Internet services. (WWW, FTP, email) http://www.aros.net/ http://www.aros.net/about/virtual "There are only two industries that refer to their customers as 'users'."
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199608230002.SAA04608>