Fake root for ftp-user other than "ftp/anonymous"?

Post by Terje Thoegers » Fri, 01 Jul 1994 01:41:09



Hi!

When 'anonymous' or 'ftp' logs in, ftpd does a chroot for that
user, denying him access to other than a specified directory
tree.

Can I somehow get ftpd to do this for another user?

(I want to automate data transfer between a 3090 running MVS and
a Unisys/Sequent running SVR3, ptx 1.3.1)

Thanks in advance,

  -Terje
_________________________________________________________________
Terje Thoegersen, Systems Consultant, Norsk Hydro a.s, Hydro Data
N-0240 Oslo, Norway. Tel : +47 22 43 23 46  Fax : +47 22 43 27 47

 
 
 

Post by Tony Ga » Fri, 01 Jul 1994 04:51:02



|>
|> Hi!
|>
|> When 'anonymous' or 'ftp' logs in, ftpd does a chroot for that
|> user, denying him access to other than a specified directory
|> tree.
|>

You can do this based upon IP address at least with most of the TCP wrapper
packages out there.
--
Reply-to: meaddata.com!cisdfl01!cis115
Tony Gast                       (606)344-4528x4667
Square D
UNIX Systems Administrator (Guy, dude, etc)

 
 
 

Post by Graham To » Sat, 02 Jul 1994 01:45:27


        When 'anonymous' or 'ftp' logs in, ftpd does a chroot for that
        user, denying him access to other than a specified directory
        tree.

        Can I somehow get ftpd to do this for another user?

Sure, but you have to hack ftpd yourself to do it.  Should take
you about 3 hours including full testing and installation.  (He
says, having done it once)

G

 
 
 

Post by Pamela Sei » Sat, 02 Jul 1994 21:41:05


At a previous site where I worked we wanted to do this same thing.  Using
the wu-ftpd this is fairly simple.  I do not know if this is a general
trait of other ftpd's.

To have a real user be treated like an anonymous user (chrooted environment)
during ftp do the following:

1) Add a guestgroup entry to the ftpaccess file (in the ftpd library
directory, wherever that is on your system, probably /usr/local/lib/ftpd,
/usr/lib/ftpd or something like that).  The format of the entry is

guestgroup ftponly

This tells ftpd to treat any users who are members of the group ftponly
as anonymous users and do a chroot when they use ftp.

2) Add the ftponly group to /etc/group and add the user to that group

ftponly:*:98:jquser

3) Modify the user's /etc/passwd entry as necessary.
        * If you only want them to have ftp access (no login) set the shell
          to some restricted shell that doesn't allow logins
          (/etc/ftponly, /bin/nologin, /bin/false, whatever your site uses).

        * The home directory field of the passwd entry specifies the
          new / directory after the chroot and the user's initial directory
          relative to the new /.  So if you have a real user with a home
          directory /usr/usra/jquser and you don't want him/her to be able
          to see above the /usr/usra level in ftp, set the directory field
          of the passwd file to: /usr/usra/./jquser   This will put the
          user in his/her own directory when ftping to your site and that
          directory will look to him/her like /jquser.

          If you don't want them to be able to see anything above their own
          directory, set the passwd field to: /usr/usra/jquser/  and their
          home directory will look like / when they ftp to your site.

See the man page for ftpaccess for more information.
If you have any other questions feel free to write to me at the address
below.  The address in the header of this post is temporary at best.  The
one below is more permanent.

Pamela Seida
roaming UNIX Sysadmin and Computational Chemist
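
An added example, not part of the original post and not wu-ftpd code: a small audit that reads the three files from the steps above and reports, for each guestgroup member, the chroot directory, the initial directory inside it, and whether the shell blocks normal logins. The file contents, the users alice and mvsxfer, and the function names are constructed for illustration; membership is taken from the /etc/group member list, as in step 2.

```python
# Constructed sample data; only the formats follow the post above.
FTPACCESS = """\
class all real,guest,anonymous *
guestgroup ftponly
"""
GROUP = """\
staff:*:10:alice
ftponly:*:98:jquser,mvsxfer
"""
PASSWD = """\
alice:*:201:10:Alice:/usr/usra/alice:/bin/sh
jquser:*:202:20:J Q User:/usr/usra/./jquser:/bin/false
mvsxfer:*:203:20:MVS transfer:/usr/usrb/mvsxfer/:/bin/sh
"""
NOLOGIN_SHELLS = {"/etc/ftponly", "/bin/nologin", "/bin/false"}  # named in step 3


def guest_groups(ftpaccess):
    """Collect the group names listed on guestgroup lines."""
    names = set()
    for line in ftpaccess.splitlines():
        fields = line.split()
        if fields and fields[0] == "guestgroup":
            names.update(fields[1:])
    return names


def split_home(home):
    """Split a passwd home field into (chroot dir, initial dir after chroot)."""
    if "/./" in home:
        root, rest = home.split("/./", 1)
        return root or "/", "/" + rest.strip("/")
    return home.rstrip("/") or "/", "/"  # no /./ marker: the home itself is /


def audit(ftpaccess, group, passwd):
    """Map each guest user to (chroot dir, initial dir, login disabled?)."""
    groups = guest_groups(ftpaccess)
    members = set()
    for line in group.splitlines():
        name, _pw, _gid, users = line.split(":")
        if name in groups:
            members.update(u for u in users.split(",") if u)
    report = {}
    for line in passwd.splitlines():
        user, _pw, _uid, _gid, _gecos, home, shell = line.split(":")
        if user in members:
            report[user] = split_home(home) + (shell in NOLOGIN_SHELLS,)
    return report
```

A False in the third field marks a guest account that is chrooted under ftp but still has a login shell, which is the case step 3 tells you to close if the account is meant to be ftp-only.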

 
 
 

1. (SUMMARY) Fake root for ftp-user other than "ftp/anonymous"?

Hi!

A while ago I asked :

I've gotten several most helpful replies, most of which pointed me
towards wuarchiv's wu-ftpd replacement ftpd-server. Due to my rather
strange Unix system, I'm still in the process of trying to get this
to work, but I'm fairly sure I'll get there. (the code seems BSD'ish
and is written in ANSI C. I'm stuck with SV3.2 and a K&R compiler.)
(If anyone has ported wu-ftpd to DYNIX/ptx 1.3.1 please mail me :-))

This server has, as several correspondents mentioned, the required
facilities to force some or all users to work in a chroot'ed
environment. An added bonus is the implementation of the 'SITE'
command or 'EXEC', both of which can be used to let the calling
process kick off a command to let the receiving system know a file
has been received (eliminating the need for a daemon to hang about
checking ~/incoming for new files)

Some also pointed to tcp-wrapper, which will grant or deny access to a
machine's resources based on IP-address/hostname.

One also mentioned hacking the ftpd-source, but since my dealer
wants USD 5000 for the TCP/IP binaries (excluding NFS and X), I
haven't the courage to ask what the sources might cost me..

Thank you very much to all who responded!

  -Terje

_________________________________________________________________
Terje Thoegersen, Systems Consultant, Norsk Hydro a.s, Hydro Data
N-0240 Oslo, Norway. Tel : +47 22 43 23 46  Fax : +47 22 43 27 47
