как запретить юзеру подниматься вверх по каталогу в FTPD

Anonymous · Сообщение **Anonymous** » 28 авг 2003, 14:58

спасибо

zyxel · Сообщение **zyxel** » 28 авг 2003, 16:01

chroot ?

Гость · Сообщение **Гость** » 28 авг 2003, 16:19

zyxel писал(а):chroot ?

да я это понимаю... но как ее присобачить? ...

zyxel · Сообщение **zyxel** » 28 авг 2003, 16:34

man chroot ?

Гость · Сообщение **Гость** » 28 авг 2003, 16:39

zyxel писал(а):man chroot ?

ну

Код: Выделить всё

NAME
       chroot - run command or interactive shell with special root directory

SYNOPSIS
       chroot NEWROOT [COMMAND...]
       chroot OPTION

DESCRIPTION
       Run COMMAND with root directory set to NEWROOT.

       --help display this help and exit

       --version
              output version information and exit

       If no command is given, run ``${SHELL} -i'' (default: /bin/sh).

и как тут определенному юзеру назначить только его директорию?
или я сегодня торможу?

mend0za · Сообщение **mend0za** » 28 авг 2003, 16:56

в каком из ftpd?

Гость · Сообщение **Гость** » 28 авг 2003, 17:00

vsh писал(а):в каком из ftpd?

хз... (( на freebsd 3.0 какой-то ...
а можно пример для самых распространенных?

Anonymous · Сообщение **Anonymous** » 28 авг 2003, 19:49

mozhno
DefaultRoot

Syntax: DefaultRoot directory [group-expression]
Default: /
Context: server config, <VirtualHost>, <Global>
Module: mod_auth
Compatibility: 0.99.0pl7 and later

The DefaultRoot directive controls the default root directory assigned to a
user upon login. If DefaultRoot is set to a directory other than "/",
a chroot operation is performed immediately after a client authenticates. This
can be used to effectively isolate the client from a portion of the host system
filespace. The specified root directory must begin with a / or can be the magic
character '~'; meaning that the client is chroot jailed into their home directory.
If the DefaultRoot directive specifies a directory which disallows access to
the logged-in user's home directory, the user's current working directory after
login is set to the DefaultRoot instead of their normal home directory. DefaultRoot
cannot be used in configuration blocks, as the <a href="#Anonymous"><Anonymous>
directive explicitly contains a root directory used for Anonymous logins.

The special character '~' is replaced with the authenticating user's home directory
immediately after login. Note that the default root may be a subdirectory of
the home directory, such as "~/anon-ftp".

The optional group-expression argument can be used
to restrict the DefaultRoot directive to a unix group, groups or subset of groups.
The expression takes the format: [!]group-name1[,[!]group-name2[,...]]. The
expression is parsed in a logical boolean AND fashion, such that each member
of the expression must evaluate to logically TRUE in order for the DefaultRoot
directive to apply. The special character '!' is used to negate group membership.

Care should be taken when using DefaultRoot. Chroot "jails" should
not be used as methods for implementing general system security as there are
potentially ways that a user can "escape" the jail.

Example of a DefaultRoot configuration:
<pre>
ServerName "A test ProFTPD Server"
ServerType inetd
User ftp
Group ftp
# This causes proftpd to perform a chroot into the authenticating user's
# directory immediately after login. Once this happens, the user is unable
# to "see" higher level directories.
#
# Because a group-expression is included, only users who are a member of
# the group 'users' and NOT a member of 'staff' will have their default
# root directory set to '~'.
DefaultRoot ~ users,!staff
</pre>

Anonymous · Сообщение **Anonymous** » 28 авг 2003, 19:51

Eto bil proftpd

A mozhet vsetki ne budem gadat' i podumaem kak uznati kakoi ftp server ustanovlen

mend0za · Сообщение **mend0za** » 29 авг 2003, 11:25

можно и просто
[DIrectory /~]
RootDir ~
[/Directory]

на proftpd 1.2.5 и 1.2.6 - работало

Гость · Сообщение **Гость** » 10 сен 2003, 18:19

У меня та же проблема на linux с wu-ftpd.
Как можно к нему chroot прикрепить?
Для анонимных пользователей всё работает нормально, для real пользователей нет - могут поднятся по каталогу вверх. Как можно вылечить, подскажите пожалуйста !!!

Anonymous · Сообщение **Anonymous** » 10 сен 2003, 19:29

забей ты на него

http://www.wu-ftpd.org/HOWTO/guest.HOWTO

There are three kinds of FTP logins that wu-ftpd provides:

1: anonymous FTP
2: real FTP
3: guest FTP

Anonymous FTP is well known; one logs in with the username 'anonymous'
and an email type password.

Real FTP is when someone logs in with a real username and password and
has access to the entire disk structure. This form of access can be
extremely dangerous to system security and should be avoided unless
absolutely necessary and well controlled.

Guest FTP is a form of real FTP; one logs in with a real user name and
password, but the user is chroot'ed to his home directory and cannot
escape from it. This is much safer, and it is a useful way for remote
clients to maintain their Web accounts.

If you want to learn more about 'chroot', the following two commands
should help, as should any good Unix text.

man chroot

There may be different man pages in sections 1, 2 and 8 (or others,
perhaps) depending on your operating system. ('man # chroot')

This howto will describe in detail the steps necessary to set up a
guest FTP account. It does not describe anonymous or real FTP setup,
though the procedures for setting up an operational 'ls' command will
apply equally to anonymous FTP because of the chroot'ed nature of
anonymous FTP.