On 20 May 2006, at 15:15, Joachim Schipper wrote:

>> Something's got to give here.  I suspect that I'm going to have to
>> un-chroot the ftp daemon.  Is there an ftpd somewhere that can prevent
>> users from looking at certain directories?  For example, I would like
>> to limit access only to /home/username and /var/www/home/username in
>> ftpd, and prevent access to places like /etc, /usr/local, and so on.
>
> A lot of FTP daemons can do that, but I don't really see the point.  The
> protections they offer might or might not be circumventable, but nothing
> interesting should be readable anyway.

If the ftpd runs as the UID of the person that's logged in, they
won't be able to access the files they don't own anyway (contents of
/etc, and others).  But if possible, I'd just like to hide them from
view, so they can't even be read.  For example,

# ls -lFa /etc | grep passwd
-rw-------   1 root  wheel       2688 May 19 21:57 master.passwd
-rw-r--r--   1 root  wheel       2235 May 19 21:57 passwd

Would still result in somebody with FTP access being able to download  
a list of users on the system.  I would like to prevent them from  
doing that if possible.

> Anyway, ISTR that ProFTPd could do that; I'm quite certain neither stock
> ftpd nor vsftpd can.

I hear that the security record of ProFTPd is not stellar, to say the  
least.  I'm fairly sure that the stock ftpd can't, and I can't find  
anything in pure-ftpd about it either.

Gaby

--
Junkets for bunterish lickspittles since 1998!
http://www.playr.co.uk/sudoku/
http://weblog.vanhegan.net/
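
Added example, not part of the original message: a small audit helper that applies the classic Unix owner/group/other read check to the two `ls -l` lines quoted above, showing what an un-chrooted ftpd running under the logged-in user's UID could still serve. The account `alice`, the group `users` and the helper names are assumptions; ACLs and file flags are ignored.

```python
# Added example (constructed); not code from the original thread.
from dataclasses import dataclass

# The two listing lines quoted in the message.
LISTING = """\
-rw-------   1 root  wheel       2688 May 19 21:57 master.passwd
-rw-r--r--   1 root  wheel       2235 May 19 21:57 passwd
"""

@dataclass
class Entry:
    mode: str    # e.g. "-rw-r--r--"
    owner: str
    group: str
    name: str

def parse_ls(listing):
    """Parse `ls -l` output lines into Entry records, skipping anything else."""
    entries = []
    for line in listing.splitlines():
        fields = line.split(None, 8)
        if len(fields) < 9 or len(fields[0]) < 10:
            continue  # "total N" lines, blanks, truncated rows
        entries.append(Entry(fields[0], fields[2], fields[3], fields[8]))
    return entries

def can_read(entry, user, groups):
    """Apply exactly one permission class: owner, else group, else other."""
    if user == "root":
        return True                    # the superuser bypasses mode bits
    if entry.owner == user:
        return entry.mode[1] == "r"    # owner class, even if "other" is more open
    if entry.group in groups:
        return entry.mode[4] == "r"    # group class
    return entry.mode[7] == "r"        # everyone else

def readable_by(listing, user, groups):
    """Names of listed files the given account could read, hence download."""
    return [e.name for e in parse_ls(listing) if can_read(e, user, groups)]

if __name__ == "__main__":
    # Hypothetical FTP account: alice, member of group "users".
    for name in readable_by(LISTING, "alice", {"users"}):
        print("readable by alice:", name)
```
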
