DaemonForums  

Go Back   DaemonForums > OpenBSD > OpenBSD Security

OpenBSD Security Functionally paranoid!

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1   (View Single Post)  
Old 29th March 2010
pico pico is offline
Real Name: Pico
Complete openbsd beginner
 
Join Date: Mar 2010
Location: Scotland
Posts: 19
Default ftp jailing ftp-chroot

I'm back with a question regarding ftp jailing.

I have looked through the links below and got this far.

I can edit the ftpchroot file and add a user name and it works the ftp account is jailed.

I then remove it from the ftpchroot file and edit the login.conf and place the words ftp-chroot on a line and I believe this will jail all users ftp accounts.

It this correct?. The reason I say this because the secoond method does not jail the ftp users and allows them to traverse the directories as they please.

I guess this is something do do with user levels when an account is created.

A little help and explanation would be great thanks.

Pico.

-------------------------------------------

open bsd faq

By default, when logging in by ftp, users can change to any directory on the filesystem that they have access to. This may not be desirable in some cases. It is possible to restrict what users may see through ftp sessions by chrooting them to their home directory.

If you only wish to allow chrooted ftp logins, use the -A option to ftpd(8).

If you wish to apply them more finely, OpenBSD's login capability infrastructure and ftpd(8) together make this easy.

Users in a login class with the ftp-chroot variable set are automatically chrooted. Additionally, you can add a username to the file /etc/ftpchroot to chroot those usernames. A user only needs to be listed in one of these locations.

ftp-chroot A boolean value. If set, users in this class will be auto-
matically chrooted to the user's login directory.
Reply With Quote
 

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Chroot web-browsing Oko OpenBSD Security 1 29th December 2008 01:37 PM
apache 2.2.8 , is it on chroot by default? superslot OpenBSD Security 9 30th June 2008 11:56 AM
Can't use bash on chroot'd openssh environment jploh FreeBSD General 2 18th June 2008 02:12 AM
chroot/jailing users Weaseal FreeBSD Security 6 18th May 2008 07:44 AM
scponly not working with chroot hamba FreeBSD Security 3 15th May 2008 05:18 PM


All times are GMT. The time now is 12:09 PM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick