[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] FTP Server on Linux



On Fri, Jan 22, 1999 at 01:07:25PM -0500, Matthew Brown wrote:
> Are you saying they can snoop the whole directory tree? [I'm feeling obtuse
> right now.]
> 
> How do ISPs like MindSpring prevent this activity?  Aren't they also
> *NIX-based?

Depending on your FTP server, you can chroot customers into their own
directories.

If you are using wuftpd, check out the man page 'ftpaccess'.  Here is an
excerpt from the relevant part :

       guestgroup <groupname> [<groupname> ...]
            If a REAL user is a member of any of <groupname>, the
            session  is set up exactly as with anonymous FTP.  In
            other words, a chroot() is done, and the user  is  no
            longer permitted to issue the USER and PASS commands.
            <groupname> is a  valid  group  from  /etc/group  (or
            whatever  mechanism  your getgrent(3) library routine
            uses).

            The user's home directory must be  properly  set  up,
            exactly  as  anonymous FTP would be.  The home direc-
            tory field of the passwd entry is  divided  into  two
            directories.   The  first field is the root directory
            which will be the argument  to  the  chroot(2)  call.
            The second half is the user's home directory relative
            to the root directory.  The two halves are  separated
            by a "/./".