[HOWTO] - Setup a chroot jail for your FTP users (10.0-10.1.x only)

Jadey · #1 February 3rd, 2002, 09:11 PM

This How-to will explain how to restrict your FTP users to their home directory, so they won't be able to look at any directories higher than their own.

Launch Terminal (in Applications -> Utilities)

type: cd /etc
sudo pico ftpchroot

Type the valid usernames of people in this file that you want to be restricted to their own directory when they FTP into their machine. Separate each entry by a carriage return. This file will look simply like this:

ebunny
sclaus
tfairy

Then save the file by holding down the Control key and hitting X. This will create the file ftpchroot in the /etc directory.

Now restart your FTP server by turning it off then on again in your Sharing Control panel. Done!

symphonix · #2 February 4th, 2002, 12:51 AM

Is there a MOTD (Message of the Day) file for FTP, so I can have a message appear when someone logs in with a simple FTP client?

blb · #3 February 4th, 2002, 01:58 AM

There are several, depending on circumstance.

/etc/ftpwelcome is printed to all connections prior to asking for username/password.

/etc/ftpmotd is printed after a successful login by a user who isn't in /etc/ftpchroot.

~/etc/ftpmotd is printed after a successful login by a user who is in /etc/ftpchroot, since they've been chroot'ed to their home (~) directory.

symphonix · #4 February 4th, 2002, 02:26 AM

Thanks! Thats just what I needed!

dani++ · #5 February 4th, 2002, 03:48 AM

Does this work for sftp too?

mdkia · #6 March 8th, 2002, 03:24 AM

hi,
i was searching on deja.com to find an answer to the ftp 'jail' question, i found it here, i registered with the forum and i tried what you suggested ...i think i made everything ok, but on my mac ...it doesn't work!:(
i made it and then (i'm in office now) i tried to log in my ftp (mac os x server) with one of the user names i wrote in the ftpchroot file ...but i can still see the other directories.
one of my users is 'andrea' and another one is 'gigi' ...if i log in with the user 'andrea', i can navigate also in 'gigi' directory!:(

i think i made some mystakes!:(

ciao

Jadey · #7 March 8th, 2002, 07:40 AM

Someone else private messaged me about using this with Mac OS X server. I haven't ever used the server, and I don't know if the same FTP server is used or not. What FTP server is installed with Mac OS X server?

mdkia · #8 March 8th, 2002, 12:01 PM

thanks for your reply ...i don't know which ftp server is, but btw i gave it up becuase i can't spend a lot of time with it ...:(
ps: may i ask you smth. else?
if in mac os x (not server) i start the ftp in system preferences (i think ...becasue my os is italian and i'm not sure of the translation) how i can add users? ...with the normal users control panel, the same used for the login screen? ...it's not comfortable ...i mean ...i want to decide myself where the new user have his home directory ...

maybe it's a stupid question ...and if it's so ...sorry, but i'm newbie with mac ...i always used pc (for ftp and web servers too)!:)

thanks again
marco