ftp jailing ftp-chroot
I'm back with a question regarding ftp jailing.
I have looked through the links below and got this far.
I can edit the ftpchroot file and add a user name and it works the ftp account is jailed.
I then remove it from the ftpchroot file and edit the login.conf and place the words ftp-chroot on a line and I believe this will jail all users ftp accounts.
It this correct?. The reason I say this because the secoond method does not jail the ftp users and allows them to traverse the directories as they please.
I guess this is something do do with user levels when an account is created.
A little help and explanation would be great thanks.
open bsd faq
By default, when logging in by ftp, users can change to any directory on the filesystem that they have access to. This may not be desirable in some cases. It is possible to restrict what users may see through ftp sessions by chrooting them to their home directory.
If you only wish to allow chrooted ftp logins, use the -A option to ftpd(8).
If you wish to apply them more finely, OpenBSD's login capability infrastructure and ftpd(8) together make this easy.
Users in a login class with the ftp-chroot variable set are automatically chrooted. Additionally, you can add a username to the file /etc/ftpchroot to chroot those usernames. A user only needs to be listed in one of these locations.
ftp-chroot A boolean value. If set, users in this class will be auto-
matically chrooted to the user's login directory.
|Thread||Thread Starter||Forum||Replies||Last Post|
|Chroot web-browsing||Oko||OpenBSD Security||1||29th December 2008 01:37 PM|
|apache 2.2.8 , is it on chroot by default?||superslot||OpenBSD Security||9||30th June 2008 11:56 AM|
|Can't use bash on chroot'd openssh environment||jploh||FreeBSD General||2||18th June 2008 02:12 AM|
|chroot/jailing users||Weaseal||FreeBSD Security||6||18th May 2008 07:44 AM|
|scponly not working with chroot||hamba||FreeBSD Security||3||15th May 2008 05:18 PM|