How can I prevent a user logged in with ftp from seeing other directories (like /), except his home directory and the directories under it? I use the wu_ftp version from suse6.2.

F. Dittberner
Salut Frank,

first take a look at man ftpaccess:

    guestgroup <groupname> [<groupname> ...]

    If a REAL user is a member of any of <groupname>, the session is set up exactly as with anonymous FTP. In other words, a chroot() is done, and the user is no longer permitted to issue the USER and PASS commands. <groupname> is a valid group from /etc/group (or whatever mechanism your getgrent(3) library routine uses).

You have to add something like

    guestgroup guest

in your /etc/ftpaccess.

Second: Put the specific user in the guestgroup group (in /etc/group).

Third: Add the user in your /etc/passwd.

man ftpaccess:

    The user's home directory must be properly set up, exactly as anonymous FTP would be. The home directory field of the passwd entry is divided into two directories. The first field is the root directory which will be the argument to the chroot(2) call. The second half is the user's home directory relative to the root directory. The two halves are separated by a "/./".

    Example: in /etc/passwd, the real entry:

    guest1:<passwd>:100:92:Guest Account:/ftp/./incoming:/bin/false

    When guest1 successfully logs in, the ftp server will chroot("/ftp") and then chdir("/incoming"). The guest user will only be able to access the directory structure under /ftp (which will look and act as / to guest1), just as an anonymous FTP user would.

Last: Make sure that guest1 can execute /bin/ls (e.g. by copying ls to /ftp/bin/ls, libc.so.6 to /ftp/lib, /lib/ld-linux.so.2 to /ftp/lib).

That works, but I do not know if it is secure. wu.ftpd is not, so what.

jops,
Christoph

On Mon, 1 Nov 1999, Frank Dittberner wrote:

:How can I prevent a user logged in with ftp from seeing other directories (like /), except his home directory and the directories under it? I use the wu_ftp version from suse6.2.
:
:F. Dittberner

---
The primary purpose of the DATA statement is to give names to constants; instead of referring to pi as 3.141592653589793 at every appearance, the variable PI can be given that value with a DATA statement and used instead of the longer form of the constant. This also simplifies modifying the program, should the value of pi change.
-- FORTRAN manual for Xerox Computers
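
The four steps in the reply above, turned into a check that can be run against a guest account. This is an added example, not part of the original thread. The function names `check_guest` and `make_fixture` are hypothetical, the sample files are constructed, and counting the primary gid as group membership is an assumption.

```sh
#!/bin/sh
# Added example, not from the thread: audit one wu-ftpd guest account.
# check_guest USER PASSWD GROUP FTPACCESS: prints findings, returns 0 if all pass.
check_guest() {
    user=$1; passwd=$2; group=$3; ftpaccess=$4; rc=0
    entry=$(awk -F: -v u="$user" '$1 == u { print $4 ":" $6 }' "$passwd")
    if [ -z "$entry" ]; then echo "FAIL no passwd entry for $user"; return 1; fi
    gid=${entry%%:*}; home=${entry#*:}
    # Home field must be "<chroot root>/./<home relative to root>".
    case $home in
        */./*) root=${home%%/./*}; rel=/${home#*/./} ;;
        *) echo "FAIL home '$home' has no /./ separator"; return 1 ;;
    esac
    echo "INFO chroot($root), then chdir($rel)"
    if [ ! -d "$root$rel" ]; then echo "FAIL $root$rel is not a directory"; rc=1; fi
    # User must belong to a group listed on a guestgroup line in ftpaccess.
    # Assumption: primary gid (passwd) and member list (group file) both count.
    mine=$(awk -F: -v u="$user" -v g="$gid" '
        $3 == g { print $1; next }
        { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) print $1 }
    ' "$group")
    guests=$(awk '$1 == "guestgroup" { for (i = 2; i <= NF; i++) print $i }' "$ftpaccess")
    found=no
    for g in $guests; do
        for m in $mine; do
            if [ "$g" = "$m" ]; then found=yes; fi
        done
    done
    if [ "$found" = no ]; then echo "FAIL $user is in no guestgroup group"; rc=1; fi
    # ls and its libraries must exist inside the chroot (paths from the reply).
    if [ ! -x "$root/bin/ls" ]; then echo "FAIL $root/bin/ls missing or not executable"; rc=1; fi
    for lib in libc.so.6 ld-linux.so.2; do
        if [ ! -f "$root/lib/$lib" ]; then echo "FAIL $root/lib/$lib missing"; rc=1; fi
    done
    return $rc
}

# Constructed sample data (not a real system): a passing setup under a temp dir.
make_fixture() {
    d=$(mktemp -d)
    mkdir -p "$d/ftp/bin" "$d/ftp/lib" "$d/ftp/incoming"
    printf '#!/bin/sh\n' > "$d/ftp/bin/ls"; chmod 755 "$d/ftp/bin/ls"
    : > "$d/ftp/lib/libc.so.6"; : > "$d/ftp/lib/ld-linux.so.2"
    echo "guest1:x:100:92:Guest Account:$d/ftp/./incoming:/bin/false" > "$d/passwd"
    echo "guest:x:92:guest1" > "$d/group"
    echo "guestgroup guest" > "$d/ftpaccess"
    echo "$d"
}
```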