[HOWTO] - Setup a chroot jail for your FTP users (10.0-10.1.x only)

Jadey

sosumi
This How-to will explain how to restrict your FTP users to their home directory, so they won't be able to look at any directories higher than their own.

Launch Terminal (in Applications -> Utilities)

Type:

cd /etc
sudo pico ftpchroot

Type the valid usernames of people in this file that you want to be restricted to their own directory when they FTP into their machine. Separate each entry by a carriage return. This file will look simply like this:

ebunny
sclaus
tfairy

Then save the file by holding down the Control key and hitting X. This will create the file ftpchroot in the /etc directory.

Now restart your FTP server by turning it off then on again in your Sharing Control panel. Done!
 
Is there a MOTD (Message of the Day) file for FTP, so I can have a message appear when someone logs in with a simple FTP client?
 
There are several, depending on circumstance.

/etc/ftpwelcome is printed to all connections prior to asking for username/password.

/etc/ftpmotd is printed after a successful login by a user who isn't in /etc/ftpchroot.

~/etc/ftpmotd is printed after a successful login by a user who is in /etc/ftpchroot, since they've been chroot'ed to their home (~) directory.
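
The list file and message-file rules from the posts above, as an added example that is not part of any post in this thread: a small shell check, run against a copy of the list, that reports which names are restricted, which message file each would see, and which entries match no account. The accounts file, the /Users home prefix and the sample names in the demo are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a copy of an ftpchroot-style list. Sample data is constructed.

# Print the non-empty lines of FILE unchanged, so stray spaces stay visible as mismatches.
entries() { sed '/^$/d' "$1"; }

# Succeed if USER is a whole line of LIST (no partial matches).
is_jailed() {          # is_jailed USER LIST
    entries "$2" | grep -Fqx -- "$1"
}

# Print the post-login message file that applies to USER, per the rules in the thread.
motd_for() {           # motd_for USER LIST HOME
    if is_jailed "$1" "$2"; then
        printf '%s\n' "$3/etc/ftpmotd"   # listed users are chrooted to their home
    else
        printf '%s\n' "/etc/ftpmotd"
    fi
}

# Print entries of LIST that match no name in ACCOUNTS (likely typos).
unknown_entries() {    # unknown_entries LIST ACCOUNTS
    entries "$1" | while IFS= read -r name; do
        entries "$2" | grep -Fqx -- "$name" || printf '%s\n' "$name"
    done
}

# Constructed sample data: a list with one misspelled name, and a list of accounts.
demo=$(mktemp -d)
printf 'ebunny\nsclaus\ntfairy\nandrae\n' > "$demo/ftpchroot"
printf 'ebunny\nsclaus\ntfairy\nandrea\ngigi\n' > "$demo/accounts"

for u in ebunny andrea; do
    if is_jailed "$u" "$demo/ftpchroot"; then state="restricted to home"; else state="NOT restricted"; fi
    # /Users/$u is an assumed home directory location
    echo "$u: $state, motd: $(motd_for "$u" "$demo/ftpchroot" "/Users/$u")"
done
echo "entries matching no account: $(unknown_entries "$demo/ftpchroot" "$demo/accounts" | tr '\n' ' ')"
rm -rf "$demo"
```

A name that is misspelled in the list leaves the real account unrestricted, which is what the last line of output is meant to catch.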
 
hi,
i was searching on deja.com to find an answer to the ftp 'jail' question, i found it here, i registered with the forum and i tried what you suggested ...i think i made everything ok, but on my mac ...it doesn't work!:(
i made it and then (i'm in office now) i tried to log in my ftp (mac os x server) with one of the user names i wrote in the ftpchroot file ...but i can still see the other directories.
one of my users is 'andrea' and another one is 'gigi' ...if i log in with the user 'andrea', i can navigate also in 'gigi' directory!:(

i think i made some mistakes!:(


ciao
 
Someone else private messaged me about using this with Mac OS X server. I haven't ever used the server, and I don't know if the same FTP server is used or not. What FTP server is installed with Mac OS X server?
 
thanks for your reply ...i don't know which ftp server is, but btw i gave it up because i can't spend a lot of time with it ...:(
ps: may i ask you smth. else?
if in mac os x (not server) i start the ftp in system preferences (i think ...because my os is italian and i'm not sure of the translation) how i can add users? ...with the normal users control panel, the same used for the login screen? ...it's not comfortable ...i mean ...i want to decide myself where the new user have his home directory ...

maybe it's a stupid question ...and if it's so ...sorry, but i'm newbie with mac ...i always used pc (for ftp and web servers too)!:)

thanks again
marco
 
thanks again, i created the ftp jail and it works perfectly, and also the 'remote login' (i think, i repeat that mine is italian) is off!:) ...i promise that for today this will be my last question!:))) :
i have 3 partitions on my imac, and one is completely empty ...i want to make the ftp users to use this empty partition (because now the partition they use is in my system disk (users) ...is it possible ...i mean to move the users ftp directories (ie 'andrea' and 'gigi') from my system partition to the empty one?


really thanks again, and sorry for my poor english!:)
 
thanks!:)
i will try to do it in the afternoon (now i'm not at home) logging in as root, i think it's more easy if i only need to drag and drop the user folders ...


ciao
marco
 
When I follow those instructions and try to log on as the specified FTP user, I get an error message about being unable to change roots. What is the problem? What have I done wrong?
 
This thread is outdated. It is correct for OS X 10.1.x, but is not applicable for 10.2.

OS X 10.2 no longer uses ftpd 6.00LS; instead Apple is using lukemftpd. However, their documentation has not been updated to reflect this change. In other words, chroot is badly broken and the ftpwelcome, ftpchroot, ftpusers files are all no longer used to configure the ftp daemon.

I actually replaced the FTP daemon altogether, as it was useless to me and didn't offer the features I needed (DOCUMENTATION, chroot, bandwidth throttling, quotas, etc.). I think you'll find that the easiest course to take. Give it a try:

http://www.pureftpd.org
 