From 411365f15d431cee967e5d16b04ee1687c259a3c Mon Sep 17 00:00:00 2001 From: yar Date: Sun, 26 Jan 2003 19:02:56 +0000 Subject: Extend the format of /etc/ftpchroot so an alternative chroot directory can be specified for a user or a group. Add the manpage ftpchroot(5) since the file's format has grown complex enough. PR: bin/45327 Portions submitted by: Hideki SAKAMOTO MFC after: 1 week --- libexec/ftpd/ftpchroot.5 | 109 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 109 insertions(+) create mode 100644 libexec/ftpd/ftpchroot.5 (limited to 'libexec/ftpd/ftpchroot.5') diff --git a/libexec/ftpd/ftpchroot.5 b/libexec/ftpd/ftpchroot.5 new file mode 100644 index 0000000..8c8f629 --- /dev/null +++ b/libexec/ftpd/ftpchroot.5 @@ -0,0 +1,109 @@ +.\" Copyright (c) 2003 FreeBSD Project +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd January 26, 2003 +.Dt FTPCHROOT 5 +.Os +.Sh NAME +.Nm ftpchroot +.Nd list users and groups subject to FTP access restrictions +.Sh DESCRIPTION +The file +.Nm +is read by +.Xr ftpd 8 +at the beginning of an FTP session, after having authenticated the user. +Each line in +.Nm +corresponds to a user or group. If a line in +.Nm +matches the current user or a group he is a member of, +access restrictions will be applied to this +session by changing its root directory with +.Xr chroot 2 +to that specified on the line or to the user's login directory. +.Pp +The order of records in +.Nm +is important because the first match will be used. +Fields on each line are separated by tabs or spaces. +.Pp +The first field specifies a user or group name. +If it is prefixed by an +.Qq at +sign, +.Ql \&@ , +it specifies a group name; +the line will match each user who is a member of this group. +As a special case, a single +.Ql \&@ +in this field will match any user. +A username is specified otherwise. +.Pp +The optional second field describes the directory for the user +or each member of the group to be locked up in using +.Xr chroot 2 . +If it is not an absolute pathname, then it will be relative +to the user's login directory. +Be this field omitted, the user's login directory will be used. +.Sh FILES +.Bl -tag -width /etc/ftpchroot -compact +.It Pa /etc/ftpchroot +.El +.Sh EXAMPLES +These lines in +.Nm +will lock up the user +.Qq webuser +and each member of the group +.Qq hostee +in their respective login directories: +.Bd -literal -offset indent +webuser +@hostee +.Ed +.Pp +And this line will lock up the user +.Qq joe +in +.Pa /var/spool/ftp : +.Bd -literal -offset indent +joe /var/spool/ftp +.Ed +.Pp +And finally the following line will lock up every user connecting +through FTP in his respective +.Pa \&~/public_html , +thus lowering possible impact on the system +from intrinsic insecurity of FTP: +.Bd -literal -offset indent +@ public_html +.Ed +.Sh SEE ALSO +.Xr chroot 2 , +.Xr group 5 , +.Xr passwd 5 , +.Xr ftpd 8 . -- cgit v1.1