Re: chroot non-anonymous ftp?

From: Highbit <highbit_at_no.spam.please>
Date: Sun Sep 05 1999 - 00:06:01 CST

On Sat, Sep 04, 1999 at 11:11:59AM -0600, Les Klassen Hamm wrote:
> Greetings all,
> I'm wondering if I can set up ftp such that someone can have an ftp account
> on a subdir of their home directory. That wasn't clear. Here's an example.
> I have a user "joe" and I want to let him upload files to his ~/public_html
> directory and any subdirectories he wants under that. Can I limit him to
> that? I don't want him messing with his home directory, because he doesn't
> know shell account stuff at all - the account currently exists only for
> him to pop his mail from. Is there some way I can set up chroot for a
> user/password login?

yup. this explaination below is specific to the wu-ftpd, others might be different.

in /etc/ftpaccess (or whereever your install puts it) i have a line

guestgroup ftponly

so people in group "ftponly" will be treated as guests and get chrooted.
pick whatever group you want.

the other part is the change in the /etc/passwd

instead of a home directory entry of

you'd want /home/username/public_html/./

(i just hope that the above doesnt screw up the pop mail handling, if it
intends to find mail in $HOME/Mailbox instead of /var/spool/mail/username)

the part before the . is the directory that the user will be chrooted to,
and the part after will be the home directory relative to the chroot.
eg, if you had a dir called "home" in public_html, and wanted the user
to get put in that directory, then /home/username/public_html/./home/

the other part is, notice the /etc/passwd and /bin/ls in /home/ftp ?
well, you might need to add at least the /bin/ls if you actually want
the user to get directory listings. (use the one from /home/ftp, as it
will be statically linked, and you wont have to copy over stuff to
stash in /home/username/public_html/lib

having a /home/username/public_html/etc/passwd and group is only neccessary
if the user really needs to see actuall usernames and group names instead
of the numbers.

course, for a more easier to understand explaination than my gibberish,
theres always "man ftpaccess"

Mark Duguid           Saskatoon, Saskatchewan
MS-Multitasking: sliding ass over to other computer while
                 waiting for first one to (re)boot...
Saskatoon Linux Group Mailing List.
To unsubscribe, send mail to
'' with
'unsubscribe' in the body.
Received on Sun Sep 5 00:06:01 1999

This archive was generated by hypermail 2.1.8 : Sun Jan 09 2005 - 13:53:59 CST