ftpchroot syntax - BSD


Thread: ftpchroot syntax

  1. ftpchroot syntax

    _____
    Hello,

    Using OBSD 3.6 generic. Have several user IDs set up. Want to allow
    ftp access to common area such as /var/spool/pub, but at same time use
    /etc/ftpchroot file to "lock up" users in this directory. What is
    correct syntax in /etc/ftpchroot file, and what are correct options for
    /usr/libexec/ftpd ?

    Currently ftpchroot contains:
    # $OpenBSD: ftpchroot,v 1.3 1996/07/18 12:12:47 deraadt Exp $
    #
    # list of users (one per line) given ftp access to a chrooted area.
    # read by ftpd(8).
    #
    # list permitted users
    #
    user_1
    user_2
    user_3

    and am running ftpd like this:

    /usr/libexec/ftpd -l -l -n -D

    The above setup causes users to be locked into their home directory, and
    this is almost what I need. The man page for ftpd is not clear enough
    for me. I also checked the FreeBSD Handbook. The ftpchroot file can
    specify a directory after the user name, but that does not seem to work
    with OBSD.

    Regards / JCH


  2. Re: ftpchroot syntax

    jch wrote in news:1mT7f.306433$1i.102995@pd7tw2no:

    > ...
    > The above setup causes users being locked into their home directory, and
    > this is almost what i need. The man page for ftpd is not clear enough
    > for me.


    Have you looked at the end, for ftp-dir ?

    LOGIN.CONF VARIABLES
    The ftpd daemon uses the following ftp specific parameters:

    ftp-dir A path to a directory. This value overrides the login
    directory for users in this class.

  3. Re: ftpchroot syntax

    Peter Strömberg wrote:
    > jch wrote in news:1mT7f.306433$1i.102995@pd7tw2no:
    >
    >
    >>...
    >>The above setup causes users being locked into their home directory, and
    >>this is almost what i need. The man page for ftpd is not clear enough
    >>for me.

    >
    >
    > Have you looked at the end, for ftp-dir ?
    >
    > LOGIN.CONF VARIABLES
    > The ftpd daemon uses the following ftp specific parameters:
    >
    > ftp-dir A path to a directory. This value overrides the login
    > directory for users in this class.

    _____
    Thanks, will check it out. Man page for login.conf is even more
    confusing. Need clear examples.

    / JCH


  4. Re: ftpchroot syntax

    Peter Strömberg wrote:
    > jch wrote in news:1mT7f.306433$1i.102995@pd7tw2no:
    >
    >
    >>...
    >>The above setup causes users being locked into their home directory, and
    >>this is almost what i need. The man page for ftpd is not clear enough
    >>for me.

    >
    >
    > Have you looked at the end, for ftp-dir ?
    >
    > LOGIN.CONF VARIABLES
    > The ftpd daemon uses the following ftp specific parameters:
    >
    > ftp-dir A path to a directory. This value overrides the login
    > directory for users in this class.


    1) Removed all user names from the /etc/ftpchroot file

    2) Added two lines to /etc/login.conf:
    ....
    ....
    ....
    ....
    :tc=auth-defaults:\
    :tc=auth-ftp-defaults:\
    :ftp-chroot:\ <-new
    :ftp-dir=/var/pub: <-new

    The effect is that users are chrooted in their home directories, but the
    ftp_dir instruction is ignored.

    Any more ideas ?

    / JCH




  5. Re: ftpchroot syntax

    jch wrote in news:UYh8f.333887$tl2.260840@pd7tw3no:

    >
    > 1) Removed all user names from the /etc/ftpchroot file
    >
    > 2) Added two lines to /etc/login.conf:
    > ...
    > ...
    > ...
    > ...
    > :tc=auth-defaults:\
    > :tc=auth-ftp-defaults:\
    > :ftp-chroot:\ <-new
    > :ftp-dir=/var/pub: <-new
    >
    > The effect is that users are chrooted in their home directories, but
    > the ftp_dir instruction is ignored.


    ftp-dir

    >
    > Any more ideas ?


    works here (tm) ...

    hmm, try setting it to a non-existing dir, you should get an error when
    trying to log in

  6. Re: ftpchroot syntax

    Peter Strömberg wrote:

    >>1) Removed all user names from the /etc/ftpchroot file
    >>
    >>2) Added two lines to /etc/login.conf:
    >>...
    >>...
    >>...
    >>...
    >> :tc=auth-defaults:\
    >> :tc=auth-ftp-defaults:\
    >> :ftp-chroot:\ <-new
    >> :ftp-dir=/var/pub: <-new
    >>
    >>The effect is that users are chrooted in their home directories, but
    >>the ftp_dir instruction is ignored.

    >
    >
    > ftp-dir
    >
    >
    >>Any more ideas ?

    >
    >
    > works here (tm) ...
    >
    > hmm, try setting it to an non-existing dir, you should get an error when
    > trying to log in

    _____
    I set :ftp-dir=/var/pubb: . This directory does _not_ exist. Can log
    in, do _not_ get errors, users wind up in their own directory, and
    cannot access anything else on the system (as it should be). I must be
    missing something somewhere. Can you post the relevant contents of your
    config files please ?

    / JCH


  7. Re: ftpchroot syntax

    jch wrote in news:8cyaf.401898$tl2.19258@pd7tw3no:

    > I set :ftp-dir=/var/pubb: . This directory does _not_ exist. Can log
    > in, do _not_ get errors, users wind up in their own directory, and
    > cannot access anything else on the system (as it should be). I must
    > be missing something somewhere. Can you post the relevant contents of
    > your config files please ?


    [back from Venice]

    The only file I edit is login.conf, either default or staff (my login
    class)

    bagheera:~ $ ftp -n 127.0.0.1
    Connected to 127.0.0.1.
    220 bagheera.wilfried.net FTP server (Version 6.6/OpenBSD) ready.
    ftp> user
    (username) wilfried
    331 Password required for wilfried.
    Password:
    230- OpenBSD 3.8-current (MOWGLI) #130: Mon Nov 7 19:25:30 CET 2005
    230- [motd]
    230 User wilfried logged in.
    ftp> pwd
    257 "/home/wilfried" is current directory.
    ftp> quit
    221 Goodbye.

    [edit /etc/login.conf]
    [ :ftp-chroot:ftp-dir=/var/tmp: ]

    bagheera:~ $ ftp -n 127.0.0.1
    Connected to 127.0.0.1.
    220 bagheera.wilfried.net FTP server (Version 6.6/OpenBSD) ready.
    ftp> user
    (username) wilfried
    331 Password required for wilfried.
    Password:
    230 User wilfried logged in.
    ftp> pwd
    257 "/" is current directory.
    ftp> ls
    229 Entering Extended Passive Mode (|||64419|)
    150 Opening ASCII mode data connection for '/bin/ls'.
    total 29912
    [files from /var/tmp]
    226 Transfer complete.
    ftp> quit
    221 Goodbye.

    [edit /etc/login.conf]
    [ :ftp-chroot:ftp-dir=/var/tmpp: ]

    bagheera:~ $ ftp -n 127.0.0.1
    Connected to 127.0.0.1.
    220 bagheera.wilfried.net FTP server (Version 6.6/OpenBSD) ready.
    ftp> user
    (username) wilfried
    331 Password required for wilfried.
    Password:
    550 Can't change root.
    Login failed.
    ftp> quit
    530 Please reconnect to work as another user
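
Added example, not part of the thread and not OpenBSD's own code: a small resolver that shows which `ftp-chroot` and `ftp-dir` values a login class ends up with once its `tc=` references are expanded, and whether the directory exists, which is the condition the last session above fails on. The class name `ftpusers` and the sample text are constructed; the parser is simplified and assumes the getcap(3) rule that the first definition of a capability wins.

```python
import os

# Constructed sample in login.conf(5) syntax; "ftpusers" is a hypothetical class.
SAMPLE = r"""
auth-ftp-defaults:auth-ftp=passwd:
default:\
    :tc=auth-ftp-defaults:
ftpusers:\
    :ftp-chroot:\
    :ftp-dir=/var/spool/pub:\
    :tc=default:
"""

def parse(text):
    """Map class names to capability lists (escaped colons are not handled)."""
    records = {}
    for line in text.replace("\\\n", "").splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        names, *caps = line.split(":")
        caps = [c.strip() for c in caps if c.strip()]
        for name in names.split("|"):
            records[name] = caps
    return records

def resolve(records, cls, seen=()):
    """Flatten a class: tc= expands in place, first definition wins, name@ cancels."""
    out = {}
    for cap in records.get(cls or "default", []):
        key, sep, val = cap.partition("=")
        if key == "tc":
            if val not in seen + (cls,):  # guard against tc= loops
                for k, v in resolve(records, val, seen + (cls,)).items():
                    out.setdefault(k, v)
        elif key.endswith("@"):
            out.setdefault(key[:-1], None)
        else:
            out.setdefault(key, val if sep else True)
    return out

def ftp_jail(records, cls):
    """Return (chroot enabled, ftp-dir value, ftp-dir exists on this host)."""
    caps = resolve(records, cls)
    ftp_dir = caps.get("ftp-dir")
    exists = bool(ftp_dir) and os.path.isdir(ftp_dir)
    return caps.get("ftp-chroot") is True, ftp_dir, exists
```

The class to check is the one in the user's master.passwd entry (an empty class field means `default`). If /etc/login.conf.db exists it has to be rebuilt with cap_mkdb(1) after each edit, otherwise the text file parsed here and the database the system reads can differ.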

  8. Re: ftpchroot syntax

    Help!

    Ok, I've always sort of been confused by this. When you say (as
    quoted below), "cannot access anything else", what exactly do you
    mean by cannot access?

    My goal, primarily for anonymous ftp users, is to restrict them to the
    "/var/ftp/pub" directory and below.

    As in I do not want them to be able to "cd .." and view/access the
    "/var/ftp/bin" or the "/var/ftp/etc" directory.

    Right now it is possible to use "cd.." and get as far as "var/ftp" and
    I would like to stop that ability at the "var/ftp/pub".

    /var/ftp/etc
    -------- /bin
    -------- /pub
    this is the only directory I want anonymous
    user to see

    Is this even possible (I have to believe it is)?

    I tried the additions to the login.conf file and no change.

    Am I missing something?

    OS is FreeBSD 5.3

    Sorry if this seems like a dumb question.

    Thanks
    Bo


    _________________
    I set :ftp-dir=/var/pubb: . This directory does _not_ exist. Can log
    in, do _not_ get errors, users wind up in their own directory, and
    cannot access anything else on the system (as it should be). I must
    be missing something somewhere. Can you post the relevant contents of
    your config files please ?
    _________________

    Sent via Archivaty.com

  9. Re: ftpchroot syntax

    Help!

    Ok, I've always sort of been confused by this. When you say "cannot
    access anything else", what exactly do you mean by cannot access?

    My goal, primarily for anonymous ftp users, is to restrict them to the
    "/var/ftp/pub" directory and below.

    As in I do not want them to be able to "cd .." and view/access the
    "/var/ftp/bin" or the "/var/ftp/etc" directory.

    Right now it is possible to use "cd.." and get as far as "var/ftp" and
    I would like to stop that ability at the "var/ftp/pub".

    /var/ftp/etc
    -------- /bin
    -------- /pub
    this is the only directory I want anonymous
    user to see

    Is this even possible (I have to believe it is)?

    I tried the additions to the login.conf file and no change.

    Am I missing something?

    OS is FreeBSD 5.3

    Sorry if this seems like a dumb question.

    Thanks
    Bo

    Sent via Archivaty.com

  10. Re: ftpchroot syntax

    Begin
    On 2005-11-19, rshprd wrote:
    > Help!

    [snippety!]
    > OS is FreeBSD 5.3


    So why are you posting here? Twice? You already posted in cub.FreeBSD.m.
    Really, posting once is enough, and iff you have to post in more groups,
    don't multipost but crosspost.


    --
    j p d (at) d s b (dot) t u d e l f t (dot) n l .
    This message was originally posted on Usenet in plain text.
    Any other representation, additions, or changes do not have my
    consent and may be a violation of international copyright law.
