[ale] FTP Server on Linux
Ed Landa
elanda at comstar.net
Mon Jan 25 14:15:58 EST 1999
> I looked in the ftpaccess man page, and I tried exactly what you quote here.
> I noticed that this does not work unless you give the user a valid shell.
> Does this sound right?
Correct. We just assign '/bin/false' as the users shell and the put an
entry in /etc/shells for it.
> Also, are there any exploits I should know about which would let them
> _around_ the security I set up here.
I don't know of any. It truely is running in a chroot environment, so even
if they did manage to exploit something, they would just be root within
their own web site.
> I also noticed a bunch of prose about setting up security properly for other
> directories. Would I NOT need to do this if I use the guestgroup options?
Hmm, to what in particular are you referring? The only way to get the ftpd
to perform the chroot is by using the guestgroup option.
Ed
More information about the Ale
mailing list