[ale] FTP Server on Linux
- Subject: [ale] FTP Server on Linux
- From: matthew.brown at cordata.net (Matthew Brown)
- Date: Mon, 25 Jan 1999 10:28:36 -0500
NOTE: Please let me know in whatever way you deem appropriate if you want
this thread dropped...
I looked in the ftpaccess man page, and I tried exactly what you quote here.
I noticed that this does not work unless you give the user a valid shell.
Does this sound right?
Also, are there any exploits I should know about which would let them
_around_ the security I set up here?
I also noticed a bunch of prose about setting up security properly for other
directories. Would I NOT need to do this if I use the guestgroup options?
Thanks a million all!
----- Original Message -----
From: Ed Landa <elanda at comstar.net>
To: <ale at ale.org>
Sent: Sunday, January 24, 1999 11:57 AM
Subject: Re: [ale] FTP Server on Linux
>On Fri, Jan 22, 1999 at 01:07:25PM -0500, Matthew Brown wrote:
>> Are you saying they can snoop the whole directory tree? [I'm feeling
>> right now.]
>> How do ISPs like MindSpring prevent this activity? Aren't they also
>Depending on your FTP server, you can chroot customers into their own
>If you are using wuftpd, check out the man page 'ftpaccess'. Here is an
>excerpt from the relevant part :
> guestgroup <groupname> [<groupname> ...]
> If a REAL user is a member of any of <groupname>, the
> session is set up exactly as with anonymous FTP. In
> other words, a chroot() is done, and the user is no
> longer permitted to issue the USER and PASS commands.
> <groupname> is a valid group from /etc/group (or
> whatever mechanism your getgrent(3) library routine
> The user's home directory must be properly set up,
> exactly as anonymous FTP would be. The home direc-
> tory field of the passwd entry is divided into two
> directories. The first field is the root directory
> which will be the argument to the chroot(2) call.
> The second half is the user's home directory relative
> to the root directory. The two halves are separated
> by a "/./".
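
Added example, not part of the message above and not wu-ftpd code: a small audit that finds members of each `guestgroup` group and splits their passwd home field at "/./" into the chroot root and the home directory inside it, as the quoted ftpaccess excerpt describes. The file contents, the `ftpguest` group and the user names are constructed; counting primary-group users as members is an assumption, and the shell check mirrors the observation reported in the message.

```python
# Added example. All file contents below are constructed sample data.
FTPACCESS = "class all real,guest,anonymous *\nguestgroup ftpguest\n"
GROUP = "users:x:100:\nftpguest:x:2000:bob\n"
PASSWD = """\
alice:x:1001:2000::/home/ftp/alice/./pub:/bin/sh
bob:x:1002:100::/home/bob:/bin/sh
carol:x:1003:2000::/home/ftp/carol/./:/bin/false
dave:x:1004:100::/home/dave:/bin/sh
"""
SHELLS = {"/bin/sh", "/bin/bash"}  # stand-in for an allowed-shells list

def guest_groups(ftpaccess):
    """Collect every group named on a 'guestgroup' line."""
    rows = (line.split() for line in ftpaccess.splitlines())
    return {g for row in rows if row and row[0] == "guestgroup" for g in row[1:]}

def split_home(home):
    """Split a passwd home field at '/./' into (chroot root, home inside it)."""
    root, marker, inside = home.partition("/./")
    if not marker:
        return None
    return root or "/", "/" + inside.strip("/")

def audit(ftpaccess=FTPACCESS, group=GROUP, passwd=PASSWD, shells=SHELLS):
    """Return {user: (root, home, [problems])} for guestgroup members."""
    wanted = guest_groups(ftpaccess)
    gids, listed = set(), set()
    for name, _pw, gid, members in (l.split(":") for l in group.splitlines() if l):
        if name in wanted:
            gids.add(gid)
            listed.update(m for m in members.split(",") if m)
    report = {}
    for line in passwd.splitlines():
        user, _pw, _uid, gid, _gecos, home, shell = line.split(":")
        # Assumption: primary-group and listed members both count as members.
        if gid not in gids and user not in listed:
            continue
        parts, problems = split_home(home), []
        if parts is None:
            problems.append("home field has no '/./' separator")
        if shell not in shells:
            problems.append("shell not in the allowed-shells list")
        report[user] = (*(parts or (None, None)), problems)
    return report

if __name__ == "__main__":
    for user, (root, home, problems) in audit().items():
        print(user, root, home, problems or "ok")
```

To run it against a real system, pass the text of the actual ftpaccess, group, passwd and shells files to `audit()` instead of the constructed defaults.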