[Pluto-help] wuftpd and chroot

Tom aka 'Dido' dido at sicurweb.com
Wed 12 Mar 2003 22:59:04 CET



use the directive

On Wednesday 12 March 2003 17:50, gianni at cln.it wrote:
> Hello everyone,
>
> I have an FTP problem on a server...
>
> it has Red Hat 7.3 installed, with wuftp as the FTP server.
> The problem is this: currently the directories that can be entered via
> FTP are not locked down... that is, the user who logs in does land in their
> own directory, but can also move around in the others... they can do a
> cd .., to be clear...
>
> how can I prevent this?

man ftpaccess:

------------
guestgroup <groupname> [<groupname> ...]
guestuser <username> [<username> ...]
realgroup <groupname> [<groupname> ...]
realuser <username> [<username> ...]
For guestgroup, if a REAL user is a member of any of <groupname>, the session 
is set up exactly as  with  anonymous FTP.   In other words, a chroot() is 
done, and the user is no longer permitted to issue the USER and PASS 
commands.
<groupname> is a valid group from /etc/group (or whatever mechanism your 
getgrent(3) library routine uses).
The user's home directory must be properly set up, exactly as anonymous FTP 
would be.  The home directory field  of the passwd entry is divided into two 
directories.  The first field is the root directory which will be the 
argument to the chroot(2) call.  The second half is the user's home directory 
relative  to  the  root  directory.   The  two halves are separated by a 
"/./".
For example, in /etc/passwd, the real entry:
guest1:<passwd>:100:92:Guest Account:/ftp/./incoming:/etc/ftponly
When  guest1  successfully logs in, the ftp server will chroot("/ftp") and 
then chdir("/incoming").  The guest user will only be able to access the 
directory structure under /ftp (which will look and act as / to guest1), just 
as an anonymous FTP user would.

<cut>
For example:
guestuser *
realgroup admin
causes  all non-anonymous users to be treated as guest, with the sole 
exception of users in the admin group who are granted real user access.


All clear, right?

-- 
-------------------------------------
Dido

PGP Public Key
http://web.tiscali.it/di_do/dido.asc
-------------------------------------
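
An added example, not part of the original message and not wu-ftpd code: a small Python audit that applies the guestuser/guestgroup/realuser/realgroup rules and the "/./" home split quoted from the man page above to passwd and group data, and lists who would be chrooted and where. The sample files are constructed; treating the listed names as shell-style globs and counting the primary GID as group membership are assumptions.

```python
import fnmatch

# Constructed sample inputs (not from the original post).
FTPACCESS = "guestuser *\nrealgroup admin\n"
PASSWD = """\
guest1:x:100:92:Guest Account:/ftp/./incoming:/etc/ftponly
alice:x:500:10:Admin:/home/alice:/bin/bash
bob:x:501:92:No separator:/home/bob:/etc/ftponly
"""
GROUP = "admin:x:10:\nftpusers:x:92:guest1,bob\n"

def parse_ftpaccess(text):
    """Collect the names given to the four directives quoted above."""
    rules = {"guestuser": [], "guestgroup": [], "realuser": [], "realgroup": []}
    for line in text.splitlines():
        words = line.split()
        if words and words[0] in rules:
            rules[words[0]].extend(words[1:])
    return rules

def groups_of(user, gid, group_text):
    """Groups the user belongs to (assumption: primary GID counts too)."""
    names = set()
    for line in filter(None, group_text.splitlines()):
        name, _, ggid, members = line.split(":")
        if ggid == gid or user in members.split(","):
            names.add(name)
    return names

def matches(patterns, names):
    # Assumption: names in ftpaccess are matched as shell-style globs ("*").
    return any(fnmatch.fnmatchcase(n, p) for p in patterns for n in names)

def classify(ftpaccess, passwd, group):
    """Map user -> (kind, chroot root, directory inside the chroot)."""
    rules = parse_ftpaccess(ftpaccess)
    report = {}
    for line in filter(None, passwd.splitlines()):
        user, _, _, gid, _, home, _ = line.split(":")
        grps = groups_of(user, gid, group)
        real = matches(rules["realuser"], [user]) or matches(rules["realgroup"], grps)
        guest = matches(rules["guestuser"], [user]) or matches(rules["guestgroup"], grps)
        if real or not guest:
            report[user] = ("real", None, None)   # not chrooted: can cd ..
        elif "/./" in home:
            root, sub = home.split("/./", 1)      # chroot(root), chdir("/" + sub)
            report[user] = ("guest", root, "/" + sub)
        else:
            report[user] = ("guest", None, None)  # home lacks the "/./" split
    return report
```

Users reported as "real" can still leave their home directory, and a guest with no "/./" in the home field does not have the home directory layout the man page excerpt describes, so both are worth reviewing.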