ftp/chroot question

Post by Theresa Kiefe » Thu, 19 Sep 1996 04:00:00



We are running AIX 4.1.4 and are trying to set up an ftp site for a few
different groups to use.  We would like to have each user have a user
name and a password, to use when they ftp and login.  Once they are
logged in we want the user only to be able to see their directory,
and not be able to see any other files.  If I set up an anonymous ftp,
ftp automatically does this for me.  It acts as if the directory the
user logged in as is / and I just put whatever files I think they'll
need in their separate /usr, /bin, and /etc directories.  How can I set
this up with a user other than anonymous?  I know it has something to
do with chroot, but I don't know where and how ftp executes this
command.
Any help would be appreciated, please reply to me by e-mail. Thanks


 
 
 


Post by Chris Calabres » Fri, 20 Sep 1996 04:00:00



> We are running AIX 4.1.4 and are trying to set up an ftp site for a few
> different groups to use.  We would like to have each user have a user
> name and a password, to use when they ftp and login.  Once they are
> logged in we want the user only to be able to see their directory,
> and not be able to see any other files.  If I set up an anonymous ftp,
> ftp automatically does this for me.  It acts as if the directory the
> user logged in as is / and I just put whatever files I think they'll
> need in their separate /usr, /bin, and /etc directories.  How can I set
> this up with a user other than anonymous?  I know it has something to
> do with chroot, but I don't know where and how ftp executes this
> command.
> Any help would be appreciated, please reply to me by e-mail. Thanks



I'm not terribly familiar with AIX, but I'm going to guess that
the AIX ftpd is pretty similar to the ones that ship with other
UNIX flavors.

Assuming this is the case, there's no way of getting the stock ftpd
to do the chroots you want.

Instead, you could use wu-ftpd, which can do this, and much more.
It's available from ftp://ftp.wustl.edu/packages/wuarchive-ftpd.
I'd also recommend the section on wu-ftpd in _Managing_Internet_
Information_Services_ from O'Reilly.

If you're interested in doing some programming, I can also send you
information on the changes I made to the UnixWare ftpd to do
chroot (and some other things).  It shouldn't be difficult to
apply the same changes to the source code of one of the freely-available
BSD ftp variants.

--
Chris Calabrese
Security Architect
Novell Information Services and Technology

--
Christopher J. Calabrese
Security Architect
Novell Information Services and Technology


 
 
 


Post by Anil Da » Sat, 21 Sep 1996 04:00:00


On Irix, there is a file /etc/ftpusers which
can be used to list users who should be restricted to
a CHROOT of their home directory.

        I don't know if AIX ftpd supports that. Check the
man page for ftpd.

--
Anil Das

 
 
 


Post by Salim GASM » Sat, 21 Sep 1996 04:00:00




> > We are running AIX 4.1.4 and are trying to set up an ftp site for a few
> > different groups to use.  We would like to have each user have a user
> > name and a password, to use when they ftp and login.  Once they are
> > logged in we want the user only to be able to see their directory,
> > and not be able to see any other files.  If I set up an anonymous ftp,
> > ftp automatically does this for me.  It acts as if the directory the
> > user logged in as is / and I just put whatever files I think they'll
> > need in their separate /usr, /bin, and /etc directories.  How can I set
> > this up with a user other than anonymous?  I know it has something to
> > do with chroot, but I don't know where and how ftp executes this
> > command.
> > Any help would be appreciated, please reply to me by e-mail. Thanks

As far as I know the standard ftpd of AIX does not support chroot for
non-ftp users.

I advise you to install wu-ftpd and configure the ftpaccess file to treat a
specified unix group as an ftp group called guest, and they will be
automatically chrooted to their home dir.
This is one of the nice features of wu-ftpd and it is more secure than
the AIX ftpd.

Hope this helps

Salim Gasmi
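
Added example, not part of the original thread and not code from wu-ftpd or any vendor ftpd: the sequence a chroot-capable ftpd has to run after a named user authenticates, which is the "where and how" the original question asks about. The function names are hypothetical, the "/./" split of the passwd home directory is the wu-ftpd guest convention rather than something stated in the thread, and dropping the uid permanently is a simplifying assumption.

```c
#define _DEFAULT_SOURCE            /* for chroot() and initgroups() on glibc */
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Split a guest home such as "/ftp/groupa/./incoming" into the directory to
 * chroot() to and the working directory inside it. With no "/./" marker the
 * whole home becomes the new root. Returns -1 for a relative path, an empty
 * root (which would mean no confinement at all) or a buffer that is too small. */
int split_guest_home(const char *home, char *root, size_t rlen,
                     char *cwd, size_t clen)
{
    const char *mark = strstr(home, "/./");
    size_t n = mark ? (size_t)(mark - home) : strlen(home);
    const char *rest = mark ? mark + 2 : "/";
    if (home[0] != '/' || n == 0 || n >= rlen || strlen(rest) >= clen)
        return -1;
    memcpy(root, home, n);
    root[n] = '\0';
    strcpy(cwd, rest);
    return 0;
}

/* Confine a freshly authenticated session; the caller must still be root.
 * Groups are set first (while /etc/group is the real one), chroot() and
 * chdir() come next, and the uid is dropped last because chroot() needs it. */
int confine_guest(const struct passwd *pw)
{
    char root[1024], cwd[1024];
    if (pw->pw_uid == 0 ||          /* never "confine" root: it can escape */
        split_guest_home(pw->pw_dir, root, sizeof root, cwd, sizeof cwd) != 0)
        return -1;
    if (initgroups(pw->pw_name, pw->pw_gid) != 0 || setgid(pw->pw_gid) != 0)
        return -1;
    if (chroot(root) != 0 || chdir(cwd) != 0)
        return -1;
    if (setuid(pw->pw_uid) != 0 || setuid(0) == 0)   /* root must be gone */
        return -1;
    return 0;
}

int main(void)
{
    char root[64], cwd[64];   /* the sample entry below is constructed */
    if (split_guest_home("/ftp/groupa/./incoming", root, 64, cwd, 64) == 0)
        printf("chroot to %s, then chdir to %s\n", root, cwd);
    return 0;
}
```

Every check in confine_guest() fails closed: a session that cannot be confined or cannot shed root should be dropped rather than served from the real filesystem.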

 
 
 


Post by Salim GASM » Sat, 21 Sep 1996 04:00:00



> On Irix, there is a file /etc/ftpusers which
> can be used to list users who should be restricted to
> a CHROOT of their home directory.

>         I don't know if AIX ftpd supports that. Check the
> man page for ftpd.

On AIX (and a lot of other UN*X I tried) the file /etc/ftpusers
lists the users denied access to the ftp service.

Best regards

Salim Gasmi

 
 
 


Post by bill davids » Sat, 21 Sep 1996 04:00:00



| On Irix, there is a file /etc/ftpusers which
| can be used to list users who should be restricted to
| a CHROOT of their home directory.
|
|       I don't know if AIX ftpd supports that. Check the
| man page for ftpd.

The file is used for users who are not allowed to use ftp, such as
root, news, etc. Only ftp is magic.
--

"As a software development model, Anarchy does not scale well."
                -Dave Welch

 
 
 


Post by Neil Lon » Sat, 21 Sep 1996 04:00:00




>| On Irix, there is a file /etc/ftpusers which
>| can be used to list users who should be restricted to
>| a CHROOT of their home directory.
>|
>|   I don't know if AIX ftpd supports that. Check the
>| man page for ftpd.
>The file is used for users who are not allowed to use ftp, such as
>root, news, etc. Only ftp is magic.
>--

>"As a software development model, Anarchy does not scale well."
>            -Dave Welch

No, on Irix you can add the "restrict" option as in

    joeuser restrict

and then by following the same guidelines as for anon ftp (from the faq!)
you can chroot a user account in just the same way for the minor cost of
the lib, etc, bin directories. Great for data backup when you don't want
other users poking around their colleagues' files.
Neil
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
*  Neil J Long, Department of Materials, University of Oxford
*               Parks Road, Oxford, OX1 3PH, UK

*  Tel:         +44 (0)1865-273678 Fax: +44 (0)1865-273789
 
 
 


Post by TONY DUNNI » Sun, 22 Sep 1996 04:00:00


JPE>> So I wish to verify that. Is that true?
JPE>> How many files does it take in a directory to have an impact on the syst
JPE>> performance ?
JPE>>
There is a freeware utility called fsanalyse that you would find useful.

TonyD
---
 * OLX 2.2 * UNIX hackers do it with forks

 
 
 


Post by TONY DUNNI » Sun, 22 Sep 1996 04:00:00


Reposting article removed by rogue canceller.

JPE>> So I wish to verify that. Is that true?
JPE>> How many files does it take in a directory to have an impact on the syst
JPE>> performance ?
JPE>>
There is a freeware utility called fsanalyse that you would find useful.

TonyD
---
 * OLX 2.2 * UNIX hackers do it with forks

 
 
 
