Subject: Re: FTP Chroot in the damn body of the email! SHEESH!
From: AK_Bear (akbear@akbearsden.com)
Date: Thu Sep 18 2003 - 18:37:48 AKDT
Why not put it on a website so that everyone can read the document there?
If you want, I'll host it on my website if you want to email the document directly to me and
then I will post the weblink to all for them to read it.
Ted Montgomery
The Alaskan Bear's Den
On Thu, Sep 18, 2003 at 05:25:00PM -0800, Jon Reynolds wrote:
>
> How to allow ftp access to specific directory and deny remote access for ftpuser.
>
>
> First, we need to set up a bogus shell so ftp users don't have access to the system from other types of programs, e.g. ssh, telnet, etc.
>
> As the super user 'root' type this at the command line:
>
> echo '/bin/ftponly' >> /etc/shells
>
> Now we add our new ftponly shell. Do this by creating a dummy shell for
> the ftp user. To do this, open up your favorite editor and create a file
> with this text in it:
>
>
> #!/bin/sh -p
>
> echo "This account is currently not available"
>
> exit 1
>
>
>
>
> Save this file with the filename 'ftponly' and save it in the '/bin/'
> directory.
>
> Now issue this command on our newly created ftponly shell:
>
>
> chmod +x /bin/ftponly
>
>
> Send the system 'init' the sighup signal so that it reads our changes:
>
>
> kill -sighup 1    # 'init' always has the pid of 1
>
>
> Now we add our ftp user using the 'adduser' command. Two things to note
> when adding your ftpuser. After it asks you to put in the new username
> and full username, answer the next two questions with the following
> answers:
>
> When it asks you what shell to use, answer with 'ftponly'.
>
>
> The next question asks you to give the new user a home directory. Give
> the path to the directory that you want your ftpuser to have, e.g.
> /usr/local/ftpuser.
>
>
> Now all we need to do is add our new user to the '/etc/ftpchroot' file.
> To do this we simply echo the new user into the file.
>
>
> echo <username> >> /etc/ftpchroot
>
>
> After the echo command we issue the 'cat' command to the
> '/etc/ftpchroot' file.
>
>
> cat /etc/ftpchroot
>
>
> Now our new user can log in and only access their "home" directory and
> it is seen as /. They cannot traverse our filesystem by issuing the
> command 'cd /' as it will only take them back to their "home"
> directory as defined by the 'adduser' command. Also, our new ftpuser can
> only ftp into our system and has no other access to the system other
> than ftp.
>
> Jon
>
>
> ---------
> To unsubscribe, send email to <aklug-request@aklug.org>
> with 'unsubscribe' in the message body.
This archive was generated by hypermail 2a23 : Thu Sep 18 2003 - 18:37:53 AKDT
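
A check for the setup described in the quoted how-to, as an added example that is not part of the original posts. It assumes the login shell is field 7 of /etc/passwd and that /etc/ftpchroot holds one username per line, as the how-to writes it; the function name check_ftp_user and its parameters are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Audits the setup the how-to
# describes. Assumption: the login shell is field 7 of /etc/passwd.

# check_ftp_user USER [PASSWD] [SHELLS] [FTPCHROOT] [DUMMY_SHELL]
# Prints one line per problem found; returns 0 if none, 1 otherwise.
check_ftp_user() {
    user=$1
    passwd=${2:-/etc/passwd}
    shells=${3:-/etc/shells}
    chroot_list=${4:-/etc/ftpchroot}
    dummy=${5:-/bin/ftponly}
    rc=0

    shell=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$passwd")
    [ -n "$shell" ] ||
        { echo "$user: no passwd entry with a login shell in $passwd"; return 1; }

    # The account must use the dummy shell, or it can log in interactively.
    [ "$shell" = "$dummy" ] ||
        { echo "$user: login shell is $shell, not $dummy"; rc=1; }

    # The how-to registers the dummy shell in the shells file.
    grep -qxF "$dummy" "$shells" ||
        { echo "$dummy: not listed in $shells"; rc=1; }

    # The how-to adds the user to ftpchroot so the home directory is seen as /.
    grep -qxF "$user" "$chroot_list" ||
        { echo "$user: not listed in $chroot_list"; rc=1; }

    # The dummy shell must be executable and start with a valid "#!" line.
    if [ ! -x "$dummy" ]; then
        echo "$dummy: missing or not executable"; rc=1
    else
        IFS= read -r first < "$dummy" || true
        case $first in
            '#!'*) ;;
            *) echo "$dummy: first line does not start with #!"; rc=1 ;;
        esac
    fi
    return "$rc"
}

# Usage on a live system (reads the default paths):
#   check_ftp_user ftpuser && echo "ftpuser: OK"
```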