LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/LDP/LG/issue32/tag_ftpd.html

328 lines
10 KiB
HTML
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

<!--startcut ======================================================= -->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<html><head>
<META NAME="generator" CONTENT="lgazmail v1.1pre9c">
<TITLE>The Answer Guy 32:
WU-FTP guestgroup problems
</TITLE>
<!-- ORIGINAL SUBJECT:
wu-ftpd guest account on a Linux Box
JTD SUBTITLE:
-->
</head>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#A000A0"
ALINK="#FF0000">
<H4>"Linux Gazette...<I>making Linux just a little more fun!</I>"
</H4>
<P> <hr> <P>
<!-- ::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::: -->
<H1 align="center"><A NAME="answer">
<img src="../gx/dennis/qbubble.gif" alt="" border="0" align="middle">
<a href="./index.html">The Answer Guy</a>
<img src="../gx/dennis/bbubble.gif" alt="" border="0" align="middle">
</A></H1>
<BR>
<H4 align="center">By James T. Dennis,
<a href="mailto:linux-questions-only@ssc.com">linux-questions-only@ssc.com</a>
<BR>Starshine Technical Services, <A HREF="http://www.starshine.org/">http://www.starshine.org/</A>
</H4>
<p><hr><p>
<!--endcut ========================================================= -->
<H3><img src="../gx/dennis/qbub.gif" alt="(?)"width="50" height="28"
align="left" border="0">WU-FTP guestgroup problems</H3>
<p><strong>From Marco Iannacone on the
<a href="news:comp.unix.questions">comp.unix.questions</a> newsgroup
on 9 Jun 1997 </strong></p>
<!-- begin body -->
<blockquote>It looks like I never answered this question.
(I'm going through my old archives).
</blockquote>
<strong><p>Hi James,
how you doing?
</p></strong>
<strong><p>I'm writing to you as <EM>The Answer Guy</EM> 'cause I have
some problem with setting up the guest trick with wu-ftpd.
What I mean is to have a chrooted enviroment for some special user
with their home directory and user-id and password.
</p></strong>
<strong><p>I'm using <A HREF="http://www.slackware.org/">Slackware</A>
'96 Linux with the wu-archive-ftp that comes already compiled with it.
</p></strong>
<strong><p>This is what I did:
</p></strong>
<strong>
<ul>
<LI>I compiled gnu ls statically and put it in ~ftp/user-foo/bin
directory.
<LI>I did the <TT>/etc</TT> hack:
<ul>
<li>added the guest group in<TT>/etc/group</TT>
<li>modify the<TT>/etc/passwd</TT> file for the user I want to be
chrooted giving him <TT>/home/ftp/user-foo./</TT> directory
</ul>
</UL>
</strong>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)" width="50" height="28"
border="0" lign="bottom">I think this is supposed to be</blockquote>
<code><blockquote><blockquote>/home/ftp/./user-foo
</blockquote></blockquote></code>
<blockquote>... if you want the guestgroup directive in
wu-ftpd's ftpaccess file to chroot to <TT>/home/ftp</TT> and
initially place this user in the<TT>/home/ftp/user-foo</TT>
directory.
</blockquote>
<STRONG><P><IMG SRC="../gx/dennis/qbub.gif" ALT="(?)" width="50" height="28" border="0" lign="bottom"
>I don't recall whether the "ftponly" (or whatever you
call your "guestgroup" group) has to be that user's
<EM>primary</EM> group (the one listed in <TT>/etc/passwd</TT>) or whether
it can be one of the supplemental groups (as listed in <TT>/etc/group</TT>)
</p></strong>
<strong><UL>
<ul>
<LI>added <TT>/etc/ftponly</TT> to <TT>/etc/shells</TT>
<LI>I modify the <TT>/etc/ftpaccess</TT> file adding
<code>...
<BR>path-filter guest /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-
<BR>....
<BR>guestgroup guest
</code>
</ul>
<LI>I created the user home directory which has the following
attribute:
<pre>[root]:/home/ftp&gt;ls -la
total 104
dr-xr-xr-x 9 root root 512 Jun 2 14:01 .
drwxrwxr-x 6 user-foo guest 512 Jun 3 13:54 user-foo
dr-xr-xr-x 2 root root 512 Jun 3 09:45 bin
</pre>
</UL>
</strong>
<strong><p>Now the ftp server is running fine (both with normal and anonymous
users) and even the chrooted enviroment for guest is working fine:
the user can login, upload and download files and it is locked in
that directory... i.e. can go in all the subdirectory but can't go
up. So it is perfect!
</p></strong>
<strong><p>The only problem is that <TT>ls</TT> and <TT>dir</TT> are not
working and he can only list files using <TT>nlist</TT>.
</p></strong>
<strong><p>For example:
</p></strong>
<strong><pre>Name (localhost:root): user-foo
331 Password required for user-foo.
Password:
230 User amex logged in. Access restrictions apply.
ftp&gt; nlist
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
bin
.profile
etc
.rhosts
.forward
.sh_history
test-directory
test-file.txt
226 Transfer complete.
ftp&gt; dir
200 PORT command successful.
150 Opening ASCII mode data connection for '/bin/ls'.
226 Transfer complete.
ftp&gt; ls
200 PORT command successful.
150 Opening ASCII mode data connection for '/bin/ls'.
226 Transfer complete.
ftp&gt;quit
</pre></strong>
<strong><p>What am I missing? how can I allow him to do ls and dir?
Note: i'm sure that the new ls is working:
</p></strong>
<strong><pre>[root@Goliath /home/ftp/user-foo//bin]#./ls
compress cpio gzip ls sh tar
[root@Goliath /home/ftp/user-foo/bin]#
</pre></strong>
<strong><p>
and that is statically linked:
</p></strong>
<strong><pre>[root@Goliath /home/ftp/user-foo/bin]#ldd ./ls
Statically linked (ELF)
[root@Goliath /home/ftp/user-foo/bin]#
</pre></strong>
<p><strong>Thanks a lot,
Marco
</strong></p>
<BLOCKQUOTE><IMG SRC="../gx/dennis/bbub.gif" ALT="(!)" width="50" height="28" border="0" lign="bottom"
>Everything else sounds right to me.
</blockquote>
<BLOCKQUOTE>Naturally I hope you've long since solved this problem.
I just hate to leave a question unanswered.
</blockquote>
<BLOCKQUOTE>Incidentally, you might look at <TT>ncftpd</TT> (a newer
FTP daemon from Mike Gleason, author of the popular <TT>ncftp</TT> client).
<TT>ncftpd</TT> allegedly offers better options for locking users into their
home directories and it contains built-in support for '<TT>ls</TT>' and
similar commands.</blockquote>
<BLOCKQUOTE><TT>ncftpd</TT> is shareware, rather than freeware, and
Mike wants $40 (US) for small servers (50 concurrent
sessions or less) and about $200 for larger servers.
</blockquote>
<blockquote>However you can evaluate the whole package for free.
Start by taking a look at:
</blockquote>
<code><blockquote><blockquote><A HREF="http://www.probe.net/~mgleason/ncftpd/"
>http://www.probe.net/~mgleason/ncftpd/</A>
</blockquote></blockquote></code>
<blockquote>... or at:
</blockquote>
<code><blockquote><blockquote
><A HREF="http://www.ncftp.com/">http://www.ncftp.com/</A>
</blockquote></blockquote></code>
<blockquote>... and reading about the features list.
</blockquote>
<blockquote>Naturally this hasn't been around as long as
<TT>wu-ftpd</TT>, and the sources don't seem to be openly
available. So <TT>ncftpd</TT> doesn't benefit from the
informal process of code review that we take for
granted for most Linux networking packages.
</blockquote>
<blockquote>(This informal process of auditing does not seem
to have been terribly effective, however, since we
still find new security problems in code that's been
free for decades. For this reason there are have a
couple of more organized and formal efforts ---
the <a href="http://www.openbsd.org/">OpenBSD</a> project and
the Linux Security Audit
<A HREF="http://www.att.net">http://www.att.net/~Bandit2006/</A>
to name the two with which I'm familiar).
</blockquote>
<!-- end body -->
<!--startcut ======================================================= -->
<P> <hr> <P>
<H5 align="center"><a href="http://www.linuxgazette.com/copying.html"
>Copyright &copy;</a> 1998, James T. Dennis <BR>
Published in <I>Linux Gazette</I> Issue 32 September 1998</H5>
<P> <hr> <P>
<!--::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::-->
<table width="98%"><tr valign="center" align="center">
<td rowspan="3"><A HREF="./lg_answer32.html"><IMG
SRC="../gx/dennis/answernew.gif"
ALT="[ Answer Guy Index ]"></A></td>
<td><A HREF="tag_phreak.html">phreak</A>
<td><A HREF="tag_abandon.html">abandon</A>
<td><A HREF="tag_javaterm.html">javaterm</A>
<td><A HREF="tag_BBS.html">BBS</A>
<td><A HREF="tag_flaws.html">flaws</A>
<td><A HREF="tag_doslinux.html">doslinux</A>
<td><A HREF="tag_resume.html">resume</A>
</tr><tr valign="center" align="center">
<td><A HREF="tag_softwindows.html">softwindows</A>
<td><A HREF="tag_convert.html">convert</A>
<td><A HREF="tag_apache.html">apache</A>
<td><A HREF="tag_emulate.html">emulate</A>
<td><A HREF="tag_database.html">database</A>
<td><A HREF="tag_distrib.html">distrib</A>
<td><A HREF="tag_proxy.html">proxy</A>
</tr><tr valign="center" align="center">
<td><A HREF="tag_disable.html">disable</A>
<td><A HREF="tag_DVI.html">DVI</A>
<td><A HREF="tag_superblock.html">superblock</A>
<td><A HREF="tag_serial.html">serial</A>
<td><A HREF="tag_permission.html">permission</A>
<td><A HREF="tag_detach.html">detach</A>
<td><A HREF="tag_cdr.html">cdr</A>
</tr><tr valign="center" align="center">
<td><A HREF="tag_rs422.html">rs422</A>
<td><A HREF="tag_modem.html">modem</A>
<td><A HREF="tag_notfound.html">notfound</A>
<td><A HREF="tag_tuning.html">tuning</A>
<td><A HREF="tag_libc5.html">libc5</A>
<td><A HREF="tag_startup.html">startup</A>
<td><A HREF="tag_clock.html">clock</A>
<td><A HREF="tag_ping.html">ping</A>
</tr><tr valign="center" align="center">
<td><A HREF="tag_accounts.html">accounts</A>
<td><A HREF="tag_lilo.html">lilo</A>
<td><A HREF="tag_NDS.html">NDS</A>
<td><A HREF="tag_95slow.html">95slow</A>
<td><A HREF="tag_nonlinux.html">nonlinux</A>
<td><A HREF="tag_progenv.html">progenv</A>
<td><A HREF="tag_cluster.html">cluster</A>
<td><A HREF="tag_ftpd.html">ftpd</A>
</tr></table>
<P> <hr> <P>
<!--::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::-->
<A HREF="./index.html"><IMG SRC="../gx/indexnew.gif"
ALT="[ Table Of Contents ]"></A>
<A HREF="../index.html"><IMG SRC="../gx/homenew.gif"
ALT="[ Front Page ]"></A>
<A HREF="lg_bytes32.html"><IMG SRC="../gx/back2.gif"
ALT="[ Previous Section ]"></A>
<A HREF="./stemen.html"><IMG SRC="../gx/fwd.gif"
ALT="[ Next Section ]"></A>
<!--::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::-->
</body>
</html>
<!--endcut ========================================================= -->
Reference in New Issue View Git Blame Copy Permalink