[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] FTP Server on Linux



> I looked in the ftpaccess man page, and I tried exactly what you quote here.
> I noticed that this does not work unless you give the user a valid shell.
> Does this sound right?

Correct.  We just assign '/bin/false' as the users shell and the put an
entry in /etc/shells for it.

> Also, are there any exploits I should know about which would let them
> _around_ the security I set up here.

I don't know of any.  It truely is running in a chroot environment, so even
if they did manage to exploit something, they would just be root within
their own web site.

> I also noticed a bunch of prose about setting up security properly for other
> directories.  Would I NOT need to do this if I use the guestgroup options?

Hmm, to what in particular are you referring?  The only way to get the ftpd
to perform the chroot is by using the guestgroup option.

Ed