Re: chroot non-anonymous ftp?

From: Highbit <highbit_at_no.spam.please>
Date: Sun Sep 05 1999 - 00:06:01 CST

On Sat, Sep 04, 1999 at 11:11:59AM -0600, Les Klassen Hamm wrote:
> Greetings all,
>
> I'm wondering if I can set up ftp such that someone can have an ftp account
> on a subdir of their home directory. That wasn't clear. Here's an example.
> I have a user "joe" and I want to let him upload files to his ~/public_html
> directory and any subdirectories he wants under that. Can I limit him to
> that? I don't want him messing with his home directory, because he doesn't
> know shell account stuff at all - the account currently exists only for
> him to pop his mail from. Is there some way I can set up chroot for a
> user/password login?

yup. this explanation below is specific to the wu-ftpd, others might be different.

in /etc/ftpaccess (or wherever your install puts it) i have a line

guestgroup ftponly

so people in group "ftponly" will be treated as guests and get chrooted.
pick whatever group you want.

the other part is the change in the /etc/passwd

instead of a home directory entry of
/home/username

you'd want /home/username/public_html/./

(i just hope that the above doesn't screw up the pop mail handling, if it
intends to find mail in $HOME/Mailbox instead of /var/spool/mail/username)

the part before the . is the directory that the user will be chrooted to,
and the part after will be the home directory relative to the chroot.
eg, if you had a dir called "home" in public_html, and wanted the user
to get put in that directory, then /home/username/public_html/./home/

the other part is, notice the /etc/passwd and /bin/ls in /home/ftp ?
well, you might need to add at least the /bin/ls if you actually want
the user to get directory listings. (use the one from /home/ftp, as it
will be statically linked, and you won't have to copy over stuff to
stash in /home/username/public_html/lib)

having a /home/username/public_html/etc/passwd and group is only necessary
if the user really needs to see actual usernames and group names instead
of the numbers.

course, for an easier to understand explanation than my gibberish,
there's always "man ftpaccess"

-- 
--
Mark Duguid           Saskatoon, Saskatchewan        highbit@home.com
MS-Multitasking: sliding ass over to other computer while
                 waiting for first one to (re)boot...
Received on Sun Sep 5 00:06:01 1999
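
Added example (not part of the message above and not wu-ftpd code): a small Python audit that applies the /./ split described in the reply to the passwd entries of guestgroup members, so an admin can see which directory each guest would be chrooted to and which entries lack the marker. The passwd/group lines and all function names are constructed for illustration; counting users whose primary GID is the guest group as guests is an assumption of this sketch.

```python
# Constructed sample data (assumption: standard passwd/group field layout).
PASSWD = """\
joe:x:1001:1001:Joe:/home/joe/public_html/./:/bin/false
ann:x:1002:2000:Ann:/home/ann/public_html/./home/:/bin/false
bob:x:1003:1003:Bob:/home/bob:/bin/bash
eve:x:1004:1004:Eve:/home/eve:/bin/bash
"""
GROUP = """\
ftponly:x:2000:joe,bob
users:x:100:
"""

MARKER = "/./"  # per the reply: chroot dir before the marker, start dir after


def split_home(home):
    """Return (chroot_dir, start_dir_inside_chroot), or None if no /./ marker."""
    head, sep, tail = home.partition(MARKER)
    if not sep:
        return None
    return head or "/", "/" + tail.strip("/")


def guest_members(group_text, passwd_text, group_name):
    """Users listed in the group line, plus users with it as primary GID."""
    gid, members = None, set()
    for line in group_text.splitlines():
        f = line.split(":")
        if len(f) >= 4 and f[0] == group_name:
            gid = f[2]
            members.update(m for m in f[3].split(",") if m)
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) >= 7 and f[3] == gid:
            members.add(f[0])
    return members


def audit(passwd_text, group_text, group_name="ftponly"):
    """Map each guest user to its (chroot, start) pair, or None if unmarked."""
    guests = guest_members(group_text, passwd_text, group_name)
    rows = (line.split(":") for line in passwd_text.splitlines())
    return {f[0]: split_home(f[5]) for f in rows if len(f) >= 7 and f[0] in guests}


if __name__ == "__main__":
    for user, res in sorted(audit(PASSWD, GROUP).items()):
        print(user, "no /./ marker in home field" if res is None
              else f"chroot={res[0]} start={res[1]}")
```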
