Hello all,
I didn't really get much on this, but I'll summarize what I did anyway.
~~~~~~~~~~~~~~~~~~~~~~~~~~
The original Q:
Hello all,
I posted this to the wu-ftp mailing list, but didn't get much at all
there, thought this list might be more knowledgeable.
I've just downloaded, compiled, and installed wu-ftp ver 2.4 on a Sun
Ultra Enterprise 2 running Solaris 2.5.1 with gcc 2.8.1. It runs in
conjunction with tcp wrappers. All works properly with the default settings,
but I would like to add my site-specific configurations. The box is a web
server with user homepages hosted on it. I would like administrators on the
box to have full ftp access to the box, but I would like hosted users to
only have access to their homepage directory (no cd up or down). I have no
need of anonymous ftp on this box. I would like all transfers to be logged.
I have read the docs and the FAQ and have come up with the following, if
there's an better way, please let me know!
• Use ftpaccess with users in a guestgroup (to chroot them to their
home)
• Leave admins alone
The issues I see with this method are:
• Would have to create a library of commands for this group - not
for each user I hope = o
• Do not add 'mkdir' or 'cd' to the above library
• Create an entry in ftpaccess so they can't make .* files (i.e.
.cshrc)
• Ease of adding (MANY) users - maybe /etc/skel could help with this
one
Any advice would be greatly appreciated and I will summarize!!!
Michael
~~~~~~~~~~~~~~~~~~~~~~~~~~
I got one response asking why I wanted to do this and another asking for
the results. The reason why is that this is a web server which hosts user's
home pages and I use a script to dynamically build a directory of these
homepages. I changed the way the directory was built and now users can
traverse down into their own directory, but not out of it.
I was able to configure things pretty much as I had outlined in my quest
ion and it all works perfectly. I use a guestgroup for users I want to give
access only to their home directories and admins have whatever ftp access
they would normally have permissions to. To make this work, I had to build a
library of commands just like anonymous ftp (even though I do not give
anonymous ftp) for the chroot to work, and I wrote a script to automate
creating guest ftp users and their home directories.
Well, everything works great now!!!
Michael
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:48 CDT