'SV: Restricting FTP home directory (chroot'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       focus-sun
Subject:    SV: Restricting FTP home directory (chroot
From:       Patrik Sternudd <patrik.sternudd () COPPER ! SE>
Date:       2000-07-07 23:41:55
[Download RAW message or body]

Well, since this is a security related mailinglist, or so I think
at least, I wouldn't really recommend using wu-ftpd which, during
the years, has been known to contain a lot of security related bugs.
I would rather go for ncftpd or proftpd. Of course, it would be really
interesting to hear opinions from people who actually tried various
daemons, most like which one is the most secure. 

Just my two $0.02 anyways, 

/Patrik

-> -----Ursprungligt meddelande-----
-> Från: Michael Tucker [mailto:mtucker@ENERGYGRAPHICS.COM]
-> Skickat: Friday, July 07, 2000 10:29 PM
-> Till: FOCUS-SUN@SECURITYFOCUS.COM
-> Ämne: Re: Restricting FTP home directory (chroot
-> 
-> 
-> Ah! That's the answer. Yes, I've been doing (rather 
-> extensive) searching
-> today, and sunsolve.sun.com reports that the default Solaris 
-> ftpd will not
-> do what I want to do. You *can* create sub-accounts of the 
-> anonymous ftp
-> account, but (as you said) that is a VERY klunky solution 
-> (not reasonable in
-> my opinion). Sun actually suggests as a work-around: "Get a 
-> copy of a public
-> domain ftp daemon and modify it to suit your needs." (chuckle) Yeah,
-> right... *that's* the ticket.
-> 
-> I've downloaded wu-ftpd from www.wu-ftpd.org and am in the process of
-> building, installing and testing it.
-> 
-> Thanks to all who responded.
-> 
-> By the way, someone else suggested using simple access 
-> controls to achieve
-> my desired end. Yes, I can keep the users from being able to 
-> see (do an ls
-> on) each others' directories, but you can't really keep them 
-> from navigating
-> around (cd) and perusing the system. Even if they don't have 
-> permission to
-> write anywhere other than their home directory, I don't like 
-> that solution.
-> 
-> Thanks again,
-> Michael
-> 
-> -----Original Message-----
-> From: Edward Mitchell [mailto:ed@THE7THBEER.COM]
-> Sent: Friday, July 07, 2000 12:26 PM
-> To: FOCUS-SUN@SECURITYFOCUS.COM
-> Subject: Re: Restricting FTP home directory (chroot
-> 
-> 
-> Install wu-ftpd, which handles chrooting or look at sunsolve.sun.com.
-> There *is* a way to do the chrooting on the Sun ftp daemon and they
-> outline it there(but it is VERY klunky).
-> 
-> On Fri, 7 Jul 2000, Michael Tucker wrote:
-> 
-> > Greetings, all:
-> >
-> > I've just set up our company's FTP site (locally hosted on 
-> a Solaris 7
-> > machine, using the default ftpd daemon). Formerly, our FTP 
-> site was hosted
-> > by our ISP. Our customers had login accounts to our site, and each
-> customer
-> > had their own home directory. After logging in, they were 
-> apparently
-> > chrooted to their home directory, because it looked like 
-> "/" to them (like
-> > anonymous ftp). The site I've set up has the "default" 
-> behavior, i.e.
-> their
-> > home directory looks like
-> > "/export/home/ftp/...blah...blah.../their_directory", 
-> instead of "/".
-> >
-> > Pardon my ignorance; I've been a software developer and 
-> sometime admin for
-> > over 20 years, and this seems like something that should 
-> be obvious to me.
-> > But it isn't, so here I am asking: what do I need to do, 
-> so that our
-> user's
-> > FTP sessions are contained to their home directory?
-> >
-> > Thanks,
-> > Michael Tucker (MCT578)
-> > mtucker@energygraphics.com
-> >
-> 

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic