[techtalk] FTP & chroot

Harald Welte laforge at sunbeam.franken.de
Tue Aug 15 21:57:59 EST 2000


On Mon, Aug 14, 2000 at 11:51:46AM -0700, Sheryl Weidner wrote:
> Hello list,
> 
> Puh-leeeeease, somebody out there, take a moment to answer this if you
> can.  
> 
> I'm running wu-ftpd on a RedHat Linux system and have a directory that

Well... I'm certainly no wuftp fan (proftpd rules!)...

> Someone else with access to the system and the authority to sign my
> invoices (mutter, mutter) changed the ownership of that directory and then
> later decided that he wanted to re-enable the authentication process.  
> Now he is complaining that when he logs in as that user, he can change
> directories to the local system (e.g. cd /), like any normal user
> (although he has no shell access and gets the proper "access denied" error
> on important files like /etc/shadow). He doesn't remember what all he
> changed in fiddling with the system, so I'm hoping someone out there can
> tell me how I can get this chroot status back in order to make him happy.

So you want to do a chroot() to the user's homedir? This is relatively easy,
although there are some general requirements to do chroot() with an ftp-daemon
which relies on external /bin/ls, etc.

Just edit the home-directory entry in /etc/passwd to something like:

user:x:111:11:Foo Bar:/pub/ftp/./:/bin/false

You have two parts. The first one is the path to chroot() into.
The second part (after the .) is the directory (relative to the first part)
the user should land in after logging in.

> Thanks in advance...
> Saska

-- 
Live long and prosper
- Harald Welte / laforge at sunbeam.franken.de    http://www.sunbeam.franken.de
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M- 
V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-- b+++ DI? !D G+ e* h+ r% y+(*)
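
The home-directory convention described in the reply above, as an added example that is not part of the original message: a small Python audit that splits each passwd home field at "/./" into the chroot path and the landing directory and flags entries that would leave the user unconfined. The sample accounts other than the first, the NOLOGIN_SHELLS set and the function names are assumptions made for illustration.

```python
import posixpath

MARKER = "/./"  # separator between chroot path and landing directory
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin"}  # assumption: shells counted as "no shell access"

# Constructed sample; only the first line comes from the message above.
SAMPLE_PASSWD = """\
user:x:111:11:Foo Bar:/pub/ftp/./:/bin/false
upload:x:112:11:Constructed:/pub/ftp/./incoming:/bin/false
plain:x:113:11:Constructed:/home/plain:/bin/bash
wide:x:114:11:Constructed:/./home/wide:/bin/false
"""

def split_ftp_home(home):
    """Return (chroot_root, landing_dir_inside_chroot), or None without a '/./' marker."""
    if MARKER not in home:
        return None
    root, _, rest = home.partition(MARKER)
    root = posixpath.normpath(root) if root else "/"
    # normpath on an absolute path collapses leading "..", as a chroot would
    landing = posixpath.normpath("/" + rest.lstrip("/"))
    return root, landing

def audit_passwd(text):
    """Map each account name to its chroot root, landing directory and issues."""
    report = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # skip blank or malformed lines
        name, home, shell = fields[0], fields[5], fields[6]
        issues = []
        parts = split_ftp_home(home)
        if parts is None:
            issues.append("no /./ marker: home field names no chroot path")
        elif parts[0] == "/":
            issues.append("chroot path is /: whole filesystem stays visible")
        if shell not in NOLOGIN_SHELLS:
            issues.append("login shell " + shell)
        root, landing = parts if parts else (None, None)
        report[name] = {"chroot": root, "landing": landing, "issues": issues}
    return report

if __name__ == "__main__":
    for name, info in audit_passwd(SAMPLE_PASSWD).items():
        print(name, info)
```

wu-ftpd applies this split only to accounts it treats as guest users (the guestgroup directive in ftpaccess), so a clean result from the passwd file alone does not prove the chroot is active.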




