[Sunhelp] Secure ftp?
Bill Bradford
mrbill at mrbill.net
Tue Feb 29 00:43:02 CST 2000
On Mon, Feb 28, 2000 at 04:08:59PM -0800, Jason Meggs wrote:
> How can I provide a secure ftp site in Solaris 2.5.1 and/or 2.7
> where a chroot takes effect (so that the user only has access
> to the home directory tree) but also has secure access with
> a password? I have only found how to do this with anonymous
> ftp, which does not appear to provide for user passwords.
> Many thanks,
> Jason
Look at www.wu-ftpd.org - I've done this using wu-ftpd.
You want to look at the "restricted-uid" and "restricted-gid" directives
in /etc/ftpaccess. This keeps a user in the directory-tree owned by their
uid, and unable to cd out of it.
Here's what my file looks like (as an example):
class all real,guest,anonymous *
email root at localhost
loginfails 5
readme README* login
readme README* cwd=*
message /welcome.msg login
message .message cwd=*
compress yes all
tar yes all
chmod yes guest
delete yes guest
overwrite yes guest
rename yes guest
chmod no anonymous
delete no anonymous
overwrite no anonymous
rename no anonymous
restricted-uid %506-2000
restricted-gid %119
unrestricted-uid %1-505,%510,%520
unrestricted-gid %100
log transfers anonymous,real inbound,outbound
shutdown /etc/shutmsg
passwd-check rfc822 warn
Another thing you have to do is that in /etc/passwd, the user's home directory
has to be specified like this:
username:cryptpw:uid:gid:gecos:/home/directory/is/here/./:/bin/shell
(note the /./ at the end of the home directory)
Bill
--
+---------------+-------------------+
| Bill Bradford | mrbill at mrbill.net |
+-------BEGIN GEEK CODE BLOCK-------+-----------------------------------+
| Version: 3.12 |
| GCS d- s:++ a- C++++ US++++ P+ L- E--- W+++ N++ o K+++ w--- O- M-- V- |
| PS PE+ Y+ PGP t+ 5 X- R-- tv+++ b++++ DI++++ D++ G++ e++ h r++ y+ |
+-----END GEEK CODE BLOCK-----------------------------------------------+
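An added example, not part of the original message or of wu-ftpd itself: a Python audit that reads the restricted-*/unrestricted-* lines from the ftpaccess shown above plus a constructed passwd sample, and reports which accounts end up restricted and whether their home field ends in /./. It assumes an unrestricted-* match exempts an account that a restricted-* line would otherwise cover, and it only reads the %N and %N-M forms used in the message.

```python
import re

DIRECTIVES = ("restricted-uid", "restricted-gid", "unrestricted-uid", "unrestricted-gid")

# Directive lines copied from the ftpaccess in the message above.
FTPACCESS = """\
restricted-uid %506-2000
restricted-gid %119
unrestricted-uid %1-505,%510,%520
unrestricted-gid %100
"""

# Constructed sample accounts (names, ids and paths are made up for this example).
PASSWD = """\
alice:x:507:119:Alice:/export/home/alice/./:/bin/sh
bob:x:510:119:Bob:/export/home/bob:/bin/sh
carol:x:600:200:Carol:/export/home/carol:/bin/sh
dave:x:300:100:Dave:/export/home/dave:/bin/sh
"""

def parse_ftpaccess(text):
    """Collect (low, high) id ranges per directive; only %N and %N-M tokens are read."""
    rules = {d: [] for d in DIRECTIVES}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] in rules:
            for tok in re.split(r"[,\s]+", parts[1].strip()):
                m = re.fullmatch(r"%(\d+)(?:-(\d+))?", tok)
                if m:
                    rules[parts[0]].append((int(m[1]), int(m[2] or m[1])))
    return rules

def matches(n, ranges):
    return any(lo <= n <= hi for lo, hi in ranges)

def is_restricted(uid, gid, rules):
    # Assumption: an unrestricted-* match overrides a restricted-* match.
    hit = matches(uid, rules["restricted-uid"]) or matches(gid, rules["restricted-gid"])
    exempt = matches(uid, rules["unrestricted-uid"]) or matches(gid, rules["unrestricted-gid"])
    return hit and not exempt

def audit(passwd_text, rules):
    """Return {user: (restricted, home_ends_with_marker)} for well-formed passwd lines."""
    report = {}
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) == 7 and f[2].isdigit() and f[3].isdigit():
            report[f[0]] = (is_restricted(int(f[2]), int(f[3]), rules), f[5].endswith("/./"))
    return report

if __name__ == "__main__":
    for user, (restricted, marker) in audit(PASSWD, parse_ftpaccess(FTPACCESS)).items():
        print(f"{user:8} restricted={restricted!s:5} home-has-/./={marker}")
```

An account that comes back restricted without the marker (carol in the sample) is one to review against the /etc/passwd format given in the message.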