How to prevent a user from going up the directory tree in FTPD
Posted: 28 Aug 2003, 14:58
Anonymous
How do I prevent a user from going up the directory tree in FTPD?
thanks
Posted: 28 Aug 2003, 16:01
zyxel
chroot ?
Posted: 28 Aug 2003, 16:19
Guest
zyxel wrote: chroot ?
yes, I understand that... but how do I hook it up? ...
Posted: 28 Aug 2003, 16:34
zyxel
man chroot ?
Posted: 28 Aug 2003, 16:39
Guest
zyxel wrote: man chroot ?
well
Code:
NAME
chroot - run command or interactive shell with special root directory
SYNOPSIS
chroot NEWROOT [COMMAND...]
chroot OPTION
DESCRIPTION
Run COMMAND with root directory set to NEWROOT.
--help display this help and exit
--version
output version information and exit
If no command is given, run ``${SHELL} -i'' (default: /bin/sh).
and how do I assign a particular user only his own directory here?
or am I just being slow today?
Posted: 28 Aug 2003, 16:56
mend0za
in which ftpd?
Posted: 28 Aug 2003, 17:00
Guest
vsh wrote: in which ftpd?
no idea... (( whichever one is on freebsd 3.0 ...
and could you give an example for the most common ones?
Posted: 28 Aug 2003, 19:49
Anonymous
sure
DefaultRoot
Syntax: DefaultRoot directory [group-expression]
Default: /
Context: server config, <VirtualHost>, <Global>
Module: mod_auth
Compatibility: 0.99.0pl7 and later
The DefaultRoot directive controls the default root directory assigned to a
user upon login. If DefaultRoot is set to a directory other than "/",
a chroot operation is performed immediately after a client authenticates. This
can be used to effectively isolate the client from a portion of the host system
filespace. The specified root directory must begin with a / or can be the magic
character '~'; meaning that the client is chroot jailed into their home directory.
If the DefaultRoot directive specifies a directory which disallows access to
the logged-in user's home directory, the user's current working directory after
login is set to the DefaultRoot instead of their normal home directory. DefaultRoot
cannot be used in <Anonymous> configuration blocks, as the <Anonymous>
directive explicitly contains a root directory used for Anonymous logins.
The special character '~' is replaced with the authenticating user's home directory
immediately after login. Note that the default root may be a subdirectory of
the home directory, such as "~/anon-ftp".
The optional group-expression argument can be used
to restrict the DefaultRoot directive to a unix group, groups or subset of groups.
The expression takes the format: [!]group-name1[,[!]group-name2[,...]]. The
expression is parsed in a logical boolean AND fashion, such that each member
of the expression must evaluate to logically TRUE in order for the DefaultRoot
directive to apply. The special character '!' is used to negate group membership.
Care should be taken when using DefaultRoot. Chroot "jails" should
not be used as methods for implementing general system security as there are
potentially ways that a user can "escape" the jail.
Example of a DefaultRoot configuration:
<pre>
ServerName "A test ProFTPD Server"
ServerType inetd
User ftp
Group ftp
# This causes proftpd to perform a chroot into the authenticating user's
# directory immediately after login. Once this happens, the user is unable
# to "see" higher level directories.
#
# Because a group-expression is included, only users who are a member of
# the group 'users' and NOT a member of 'staff' will have their default
# root directory set to '~'.
DefaultRoot ~ users,!staff
</pre>
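The group-expression rules quoted in the post above (comma-separated terms, '!' for negation, logical AND) decide who is actually jailed, so it is worth checking which accounts a directive leaves at the default root "/". The following is an added example, not part of the thread or of ProFTPD; it assumes a single DefaultRoot line, and the function names and the account list are hypothetical.

```python
# Added example (not from the thread or the ProFTPD docs): evaluate a
# DefaultRoot group-expression to see which accounts stay un-chrooted.

def parse_group_expression(expr):
    """Split '[!]group1[,[!]group2...]' into (group, negated) terms."""
    terms = []
    for raw in expr.split(","):
        negated = raw.startswith("!")
        name = raw[1:] if negated else raw
        if not name:
            raise ValueError(f"empty term in group-expression {expr!r}")
        terms.append((name, negated))
    return terms

def expression_matches(expr, user_groups):
    """Logical AND: every term must hold; no expression matches everyone."""
    if expr is None:
        return True
    return all((name in user_groups) != negated
               for name, negated in parse_group_expression(expr))

def parse_default_root(line):
    """Parse 'DefaultRoot directory [group-expression]'."""
    parts = line.split()
    if len(parts) not in (2, 3) or parts[0].lower() != "defaultroot":
        raise ValueError(f"not a DefaultRoot directive: {line!r}")
    return parts[1], (parts[2] if len(parts) == 3 else None)

def unjailed_users(line, membership):
    """Return users the directive leaves with the default root '/'."""
    root, expr = parse_default_root(line)
    if root == "/":  # root "/" means no chroot is performed at all
        return sorted(membership)
    return sorted(user for user, groups in membership.items()
                  if not expression_matches(expr, groups))

# Constructed sample data: user -> set of unix groups (hypothetical accounts).
SAMPLE_MEMBERSHIP = {
    "alice": {"users"},
    "bob": {"users", "staff"},
    "carol": {"staff"},
    "dave": {"www"},
}

if __name__ == "__main__":
    directive = "DefaultRoot ~ users,!staff"  # the line from the post above
    for user in unjailed_users(directive, SAMPLE_MEMBERSHIP):
        print(f"{user}: not chrooted, can browse the whole filesystem")
```

With the sample accounts, only alice is jailed; anyone outside 'users', or inside 'staff', keeps the full filesystem view.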
Posted: 28 Aug 2003, 19:51
Anonymous
That was proftpd
Or maybe, after all, let's not guess and instead think about how to find out which ftp server is installed
Posted: 29 Aug 2003, 11:25
mend0za
you can also simply use
[DIrectory /~]
RootDir ~
[/Directory]
on proftpd 1.2.5 and 1.2.6 it worked
Posted: 10 Sep 2003, 18:19
Guest
I have the same problem on linux with wu-ftpd.
How can I attach chroot to it?
For anonymous users everything works fine, for real users it doesn't - they can go up the directory tree. How can this be fixed, please advise !!!
Posted: 10 Sep 2003, 19:29
Anonymous
just forget about it
http://www.wu-ftpd.org/HOWTO/guest.HOWTO
There are three kinds of FTP logins that wu-ftpd provides:
1: anonymous FTP
2: real FTP
3: guest FTP
Anonymous FTP is well known; one logs in with the username 'anonymous'
and an email type password.
Real FTP is when someone logs in with a real username and password and
has access to the entire disk structure. This form of access can be
extremely dangerous to system security and should be avoided unless
absolutely necessary and well controlled.
Guest FTP is a form of real FTP; one logs in with a real user name and
password, but the user is chroot'ed to his home directory and cannot
escape from it. This is much safer, and it is a useful way for remote
clients to maintain their Web accounts.
If you want to learn more about 'chroot', the following two commands
should help, as should any good Unix text.
man chroot
There may be different man pages in sections 1, 2 and 8 (or others,
perhaps) depending on your operating system. ('man # chroot')
This howto will describe in detail the steps necessary to set up a
guest FTP account. It does not describe anonymous or real FTP setup,
though the procedures for setting up an operational 'ls' command will
apply equally to anonymous FTP because of the chroot'ed nature of
anonymous FTP.