Subject: Re: locking users in their home dir?
To: None <firstname.lastname@example.org>
From: Geoff Wing <email@example.com>
Date: 10/21/1998 03:00:44
Tom T. Thai <firstname.lastname@example.org> typed:
:Is it possible to lock telnet or ftp users into their home dir and not
:allow them to go outside or up higher in the dir tree?
1) For FTP, RTFM ftpd(8)
4. f directed by the file /etc/ftpchroot (see below) the ses-
sion's root will be changed to the user's login directory by
chroot(2) as for an ``anonymous'' or ``ftp'' account (see next
.... (BTW, the typo's in the man page)
however, you'll have to create a ``bin'' dir with a copy (or hard link) of
``ls'' if you want them to be able to send ``LIST'', not just ``NLST''
commands. You may not bother with the ``etc'' dir - just let them have
numeric uids/gids in their listings.
2) For telnet, there are quite a few restricted shells around, or shells
which have restricted modes (eg. zsh). Other than changing their shell,
you could write your own wrapper to chroot them - though that would
be extremely limiting for them and maybe annoying to administer since
you would have to give each user copies of any command you want them
to be able to run.
Geoff Wing <email@example.com> Mobile : 0412 162 441
Work URL: http://www.primenet.com.au/ Ego URL: http://pobox.com/~gcw/