secure ftp (home dir only)

Jakub Soucek jakub.soucek at spika.cz
Tue Jan 5 12:39:52 CET 1999


>I need to set up ftp access for some users in a secure way; the users should
>have rights to ftp only, and only to their own home dir...


In /etc/passwd, like this:
webuser:x:550:551::/home/webroot/./web:/etc/ftponly

(On login via FTP, a chroot to the directory /home/webroot is performed,
followed by a cd into the directory web.)

and also add the user webuser to a group, e.g. ftponly.

Then the configuration in /etc/ftpaccess:
------------------------------
guestgroup ftponly
# ... etc.
# allow upload
upload /home/webroot /web* yes webuser webuser 0644 dirs
# and forbid certain names, e.g. those starting with a dot
path-filter anonymous /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-
path-filter guest /etc/pathmsg ^[-A-Za-z0-9_\.]*$ ^\. ^-
# etc...
---------------------------------------------

The /etc/ftponly script (it also has to be added to /etc/shells):

#!/bin/sh
# ftponly shell
#
trap "/bin/echo Sorry; exit 0" 1 2 3 4 5 6 7 10 15
#
IFS=""
Admin="admin na host"
System="my.system.cz"
#
/bin/echo
/bin/echo "********************************************************************"
/bin/echo "    You are NOT allowed interactive access to $System."
/bin/echo "     User accounts are restricted to ftp and web access."
/bin/echo "   Direct questions concerning this policy to $Admin."
/bin/echo "********************************************************************"
/bin/echo
#
exit 0

I hope I haven't forgotten anything. It works for me, at least for wu-ftp.

----------------------------------------------------------
Jakub Souček, jakub.soucek at spika.cz, ICQ#:22139733
Spika, K Cervenemu dvoru 18, Praha 10, http://www.spika.cz
----------------------------------------------------------
Warm beer is worse than a cold German woman
----------------------------------------------------------
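
An added example, not part of the original post: a POSIX sh audit that checks every member of the guest group for the three things the setup above relies on (a /./ chroot marker in the home field, a login shell listed in the shells file, and no interactive shell). The function name audit_guests, the account olduser, GID 600 and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Audit the accounts of a wu-ftpd guest group against the setup in the post.
# Usage: audit_guests PASSWD GROUP SHELLS GROUPNAME
# Prints one "user: problem" line per finding; returns 0 if clean, 1 if not.
audit_guests() {
    passwd=$1 group=$2 shells=$3 gname=$4
    # Look up the GID and the supplementary member list of the guest group.
    gline=$(grep "^$gname:" "$group") || { echo "group $gname not found"; return 2; }
    gid=$(echo "$gline" | cut -d: -f3)
    members=$(echo "$gline" | cut -d: -f4)
    awk -F: -v gid="$gid" -v members="$members" -v shells="$shells" '
        BEGIN {
            bad = 0
            n = split(members, m, ","); for (i = 1; i <= n; i++) guest[m[i]] = 1
            while ((getline s < shells) > 0) if (s !~ /^#/ && s != "") ok[s] = 1
        }
        # A guest is anyone with the group as primary GID or in its member list.
        ($4 == gid) || ($1 in guest) {
            if (index($6, "/./") == 0) {
                print $1 ": home " $6 " has no /./ chroot marker"; bad = 1 }
            if (!($7 in ok)) {
                print $1 ": shell " $7 " is not listed in shells file"; bad = 1 }
            if ($7 ~ /\/(ba|da|c|k|tc|z)?sh$/) {
                print $1 ": shell " $7 " allows interactive login"; bad = 1 }
        }
        END { exit bad }
    ' "$passwd"
}

# Constructed sample files (not from a real system): webuser is set up as in
# the post, olduser is in the group but kept a normal home and shell.
demo_dir=$(mktemp -d)
cat > "$demo_dir/passwd" <<'EOF'
webuser:x:550:551::/home/webroot/./web:/etc/ftponly
olduser:x:560:560::/home/olduser:/bin/bash
EOF
printf 'ftponly:x:600:webuser,olduser\n' > "$demo_dir/group"
printf '/bin/sh\n/bin/bash\n/etc/ftponly\n' > "$demo_dir/shells"
audit_guests "$demo_dir/passwd" "$demo_dir/group" "$demo_dir/shells" ftponly || true
```

On a live host the arguments would be /etc/passwd, /etc/group, /etc/shells and the group named on the guestgroup line of /etc/ftpaccess.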