Subject: Re: Giving Vhost users access
From: Gawain Reifsnyder (gawain@guitar.net)
Date: Sat Dec 02 2000 - 10:56:22 MST
At 6:23 PM -0700 on 12/1/00, Neil Jolly wrote:
>What you want to do is create a chroot jail for your users. Here's a sample
>of what you need to add to your /etc/proftpd.conf:
>
>ServerName "ProFTPD"
>ServerType standalone
>DefaultServer on
>DefaultRoot ~ #This is what creates the chroot jail
>IdentLookups off #This speeds up your logins
>MaxLoginAttempts 3 #prevents people from forcing passwords
>
>#You can also use the limit command to deny certain commands to users.
>
> <Limit MKD DELE>
> DenyUser example
> </Limit>
>
>To complete the chroot jail assign the directory you want to restrict the
>users to as the users home directory. For more information see:
>http://www.proftpd.net/
Thanks for your help. I think I'm about 3/4 of the way there... I've
configured my DefaultRoot line like this:
DefaultRoot ~ !staff
so that any user not in the group "staff" is jailed into their home
directory. This part is working very well. The next step is denying
shell access. I've found that setting a user's shell to /bin/false or
/dev/null in /etc/passwd also denys them access to the ftp server,
even if RequireValidShell is set to false.
Am I still missing something?
Gawain
This archive was generated by hypermail 2a24 : Sat Dec 02 2000 - 10:58:08 MST