Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!news.mel.connect.com.au!news.mel.aone.net.au!grumpy.fl.net.au!news.webspan.net!newsfeeds.sol.net!feed1.news.erols.com!super.zippo.com!zdc!szdc!news
From: david drexler <david@okcity.com>
Newsgroups: comp.unix.bsd.bsdi.misc
Subject: Re: wu-ftpd - limiting to ftp only?
Date: Thu, 06 Mar 1997 17:05:26 -0600
Organization: None
Lines: 32
Message-ID: <331F4DB6.75E3@okcity.com>
References: <MPG.d74e2d6161c64c89896fc@news.vnet.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 3.01Gold (Win95; I)
To: Ed Stone <estone@synernet.com>
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.bsdi.misc:6250

Ed Stone wrote:
>
> Using BSDI 2.1 and wu-ftpd, I'm having a problem limiting "guests" to
> ftp only. I've read the doc, set up /bin/true for the "guests" shells.
> What else must be done to limit guests to ftp only?
> --
> -------------------------------
> Ed Stone
> estone@synernet.com
> http://www.synernet.com/estone
> -------------------------------

The shell entry in /etc/passwd is what controls it. Whatever you use
must be listed in /etc/shells. If you want users to be able to change
their own passwords, use /bin/passwd as the shell.

With wu-ftpd you can go a step farther and lock them into a directory
tree so they can't wander around in your system, download /etc/passwd,
etc. Two additional steps:

(1) Create a directory for specifically these logins. Under it you must
also have bin and shlib dirs, just as for anonymous ftp. Files needed in
the bin directory are ls and pwd (copies, not links). The only file
needed in the shlib directory is libc_s.2.1.0. These directories and
files should be owned by root with mode 555.

(2) The login dir in /etc/passwd must be shown as /rootdir/./userdir --
the dot flags wu-ftpd to do a chroot.

Beware the usual caveats about anon ftp.

David
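
The checklist in the reply above, turned into a POSIX shell audit of one guest entry. This is an added example, not part of the original post or of wu-ftpd. The function names and the optional owner argument are assumptions made for illustration, and the passwd and shells file locations are passed in so the checks can be run on copies.

```shell
#!/bin/sh
# Added example (not from the original post): audit a guest-FTP account
# against the checklist above. File locations are parameters so the
# checks can be run on constructed copies as well as the live files.

# chroot_of HOME: print the part before "/./"; fail if the marker is absent.
chroot_of() {
    case "$1" in
        */./*) printf '%s\n' "${1%%/./*}" ;;
        *)     return 1 ;;
    esac
}

# locked_down PATH OWNER: true if PATH exists, is not a symlink, is owned
# by OWNER and has mode exactly 555.
locked_down() {
    [ ! -L "$1" ] && [ -n "$(find "$1" -prune -perm 555 -user "$2" 2>/dev/null)" ]
}

# audit_guest USER PASSWD SHELLS [OWNER]: print one line per problem and
# return non-zero if any were found. OWNER defaults to root.
audit_guest() {
    user=$1 passwd=$2 shells=$3 owner=${4:-root} bad=0
    entry=$(grep "^${user}:" "$passwd") || { echo "no passwd entry for $user"; return 1; }
    home=$(printf '%s\n' "$entry" | cut -d: -f6)
    shell=$(printf '%s\n' "$entry" | cut -d: -f7)

    # The login shell must be one of the lines in the shells file.
    grep -qxF "$shell" "$shells" || { echo "shell $shell is not listed in $shells"; bad=1; }

    # The home field must carry the /./ marker; what precedes it is the chroot.
    if root=$(chroot_of "$home"); then
        for p in bin bin/ls bin/pwd shlib shlib/libc_s.2.1.0; do
            locked_down "$root/$p" "$owner" ||
                { echo "$root/$p: missing, a symlink, or not $owner/555"; bad=1; }
        done
    else
        echo "home $home has no /./ marker, so no chroot"; bad=1
    fi
    return $bad
}
```

On a live system the call would be `audit_guest someuser /etc/passwd /etc/shells`; a symlink check cannot tell a copy from a hard link, so that part of "copies, not links" still needs a manual look.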