setting up ftp

biotech

Registered
I have ftp up and running with other users in addition to an anonymous user. How can i restrict each user (including anonymous) to a particular directory? Right now when they log in, they go to their home directory, but they just can back up all the way and see all my drives. Any suggestions?
 
Well, to set up a real anonymous account, check out this post:
http://www.macosx.com/forums/showthread.php?threadid=1168

Anonymous gets restricted automatically to it's homedir if you set it up like this.

To do this for other users, you should add their names to /etc/ftpchroot (read the man page on it: man ftpd).
Only problem is, it doesn't work on my computer. Actually the whole chroot command doesn't seem to work. Don't really know what the problem is, but it is annoying. I had to do a lot of chmod'ing etc. to get it reasonable safe.
 
cool, I dont have a ftpchroot in /etc. So I just make it and add the users to the file, right? So does this file need any certain sytax structure or is it just their names? Also how can you specify which directory for each user? I assume adding them to the ftpchroot file restricts them to their home directory, right?
 
Originally posted by biotech
cool, I dont have a ftpchroot in /etc. So I just make it and add the users to the file, right? So does this file need any certain sytax structure or is it just their names? Also how can you specify which directory for each user? I assume adding them to the ftpchroot file restricts them to their home directory, right?

1: Yes you have to create the file yourself.
2: Don't know the syntax, but judging by other similar files i have seen you simply put the users loginname on a seperate line.
3: Every user in ftpchroot is being restricted acces to his home directory. You will need to create the same dirs as you made for the Anonymous FTP user. Same sort of permissions would make it even safer, but not really necessary.
4: To change a users homedir. open the NetInfoManager in the Utilities folder. Unlock it. Go to users select the user and doubleclick on the users current value for homedir (this is the path to his homedir). Now you can change it to whatever you want.

Good luck, DJ
 
Thanks dude, Ive done all that, but the users I add to ftpchroot dont seem to be restricted to their home directory. So either there is a different syntax needed or somthing else is not configured correctly. Do you have it working properly yet? Im off to do some more reading in the 'man' pages. ;-)

until then...
 
Well, i forgot a line in that last post.

I should have added.
"I should work like that. problem is it doesn't on my computer. Actually the whole chroot command doesn't seem to work. Probably something apple will fix in final"
 
Be careful, non-root volumes are accessible by all users. They are 777 by default for some reason.
 
is it possible to hide all but the pub and incoming directories to the anonymous user ? It's tacky/useless to the ftp user seeing those dirs and I would prefer to have the ability to control my directory structure in a cleaner way.
 
Originally posted by whirk
is it possible to hide all but the pub and incoming directories to the anonymous user ? It's tacky/useless to the ftp user seeing those dirs and I would prefer to have the ability to control my directory structure in a cleaner way.

As far as i know. NO
Remember that usually those dirs aren't necesarry.
Only if you want a 'secure' anonymous ftp.
And the System dir etc. are OSX specific. No other UNIX needs those.
You would really need to hack the ftpdeamon to hide this, and you can't do without them. No easy job.

DJ
 
No, it is possible to hide those directories. Change the mode so that it is not viewable, but still executable. You may have to play around with it, but it does work. I have them all hidden for the same reason. Unfortunately, I'm not at my computer right now, and cannot print my ~ftp account. I will copy it here later today.
 
Originally posted by anothermacguy
No, it is possible to hide those directories. Change the mode so that it is not viewable, but still executable.

The mode of course. If you set the directory (important not it's contents, cause the users need those) to restrict read or execute (don't remember which one i'll try it out later) access, the dir might not show up. Good idea. Completly forgot you can change the perm. on the dir as long as you dont change them on it's contents.
 
Originally posted by anothermacguy
No, it is possible to hide those directories. Change the mode so that it is not viewable, but still executable. You may have to play around with it, but it does work. I have them all hidden for the same reason. Unfortunately, I'm not at my computer right now, and cannot print my ~ftp account. I will copy it here later today.

Can you post your info? I've tried changing the read and write bits for the folders with no luck. Also tried changing the owner:group for the files to see if that makes a difference (having a group the ftp user does and does not belong to). I'd really like to figure this out if it is indeed possible..
 
Sorry guys, I don't know what I was smoking that day. I could have sworn I had those directories hidden. The only thing I could do, as I'm sure you have done, is hide everything within the /System, /usr, and /bin directories (chmod 111).


My apologies.

[Edited by anothermacguy on 12-06-2000 at 11:01 PM]
 
Back
Top