Permissions...

Scott Wood treii28@yahoo.com
Fri, 22 Jun 2001 07:29:52 -0700 (PDT)


I haven't played with this as much in the newer proftpd but I understand this
is easier to do than with wuftpd which I have done before.  There are some
items out there that can facilitate this.  Either you set up pseudo accounts in
a ftp-only passwd and groups file other than those used by your system login,
or you set up an account that has other than a normal shell.  Either a
restrictive shell (many exist, but we have often found problems with them that
allow an intelligent user to work around it) that just shows them their
directory tree, or something like /bin/false that won't let them in at all. 
Most systems will usually bark at you if you don't include these in /etc/shells,
and be wary of programs like the elm 'filters' program and perhaps even
procmail.  If you provide said user with ftp access to their account and email
access on the system as well, I have seen users utilize this to gain
additional, unwarranted access.  (To move or rename chsh in the restricted
shell is not a bad idea.)

It is also wise to keep in mind that the reason for giving access to a system
is to upload files to a web page; it is wise to review any scripts if your
desire is to restrict access.  Again, most scripting languages as well as
compiled equivalents can do the same thing with sidestepping existing security
measures via your web server.

SW


--- Mike Szumlinski <szumlins@pilot.msu.edu> wrote:
> I want to set up an account on my machine (FreeBSD 4.3) where the user can
> only read/write its own login directory and none of the rest of the
> filesystem. I don't want the user to be able to browse the system at all. Is
> there a way with a standard install to have either a FTP only user or a way
> to disable the ability to browse the rest of the system easily?
> 
> -Mike
> 
> -- 
> -=--===---===---===---===-=-
> |Mike Szumlinski           |
> |Michigan State University |
> |A26079565                 |
> -=--===---===---===---===-=-
> "The future is no place to place your better days" -DMB
> 
> _______________________________________________
> linux-user mailing list
> linux-user@egr.msu.edu
> http://www.egr.msu.edu/mailman/listinfo/linux-user
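
An added example, not part of the original messages: a POSIX shell audit for the FTP-only setup described in the reply. It flags no-login accounts whose shell is missing from the shells file, and home directories that hold mail-delivery configuration. The list of no-login shells, the file names checked, and the fixture accounts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Audit FTP-only accounts in a passwd-format file (added example).
# Usage: audit_ftp_only PASSWD_FILE SHELLS_FILE
# Prints one finding per line:
#   NOT_IN_SHELLS <user> <shell>  no-login shell missing from the shells file
#   MAIL_HOOK <user> <path>       mail-delivery config found in the home dir
audit_ftp_only() {
    passwd_file=$1
    shells_file=$2
    while IFS=: read -r user _pw _uid _gid _gecos home shell; do
        case $shell in
            /bin/false|/sbin/nologin|/usr/sbin/nologin) ;;  # assumed no-login shells
            *) continue ;;                                   # normal login shell
        esac
        # An FTP daemon that consults the shells file refuses unlisted shells.
        grep -qxF -- "$shell" "$shells_file" ||
            printf 'NOT_IN_SHELLS %s %s\n' "$user" "$shell"
        # Files through which the mail system can run programs as this user
        # (assumed locations for .forward, procmail and elm filter rules).
        for f in .forward .procmailrc .elm/filter-rules; do
            if [ -e "$home/$f" ]; then
                printf 'MAIL_HOOK %s %s\n' "$user" "$home/$f"
            fi
        done
    done < "$passwd_file"
    return 0
}

# Constructed fixture: two FTP-only users and one shell user.
demo_audit() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/home/web1" "$d/home/web2" "$d/home/alice"
    : > "$d/home/web2/.forward"
    printf '%s\n' /bin/sh /sbin/nologin > "$d/shells"
    cat > "$d/passwd" <<EOF
web1:*:2001:2001:FTP only:$d/home/web1:/sbin/nologin
web2:*:2002:2002:FTP only:$d/home/web2:/bin/false
alice:*:1001:1001:Shell user:$d/home/alice:/bin/sh
EOF
    audit_ftp_only "$d/passwd" "$d/shells"
    rm -rf "$d"
}
demo_audit
```

On a live system the call would be `audit_ftp_only /etc/passwd /etc/shells`, run by a user who can read the home directories.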

