Hi!
I have only used pureftpd as ftp server, and I am sure there are other ftp servers with their own variants on this. But, if you want to do this using pureftpd, check out the documentation below:
Code:
------------------------ PER-USER CHROOT() RULES ------------------------
Apart from the "-a" flag, Pure-FTPd has another way to fine-tune chroot()
rules. Let's take an /etc/passwd entry:
mimi:x:501:100:Mimi:/home/mimi:/bin/zsh
Without any special rule, mimi will be able to log in and to retrieve any
public-readable file in the filesystem. Now, let's change a bit of its home
directory:
mimi:x:501:100:Mimi:/home/mimi/./:/bin/zsh
So what? Mimi's home directory is still the same and common applications
shouldn't notice any difference. But Pure-FTPd understands "chroot() until
/./". So when mimi next carries out a FTP log in, only the /home/mimi
directory will be reachable, not the whole filesystem. If you don't like the
"-a" and its trusted gid thing, this is a good way to only chroot() some
users. Another trick is to add something after "/./":
mimi:x:501:100:Mimi:/home/mimi/./public_html:/bin/zsh
When Mimi will log in, two things will happen:
- chroot("/home/mimi") so that Mimi can't see anything but her home directory.
- chdir("public_html") so the session will start in the public_html
directory. "cd .." is still allowed, though.
That "url-style" handling is especially handy for FTP-only users (ie.
without shell access).
If a user is chrooted with the /./ trick *and* belongs to the trusted group
(-a) he *will* be chrooted, but he will have no ratio and will be allowed to
access dot files.
Best regards,
HMW
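
To check which accounts the "/./" rule quoted above would confine, the following added example (not part of the original post or of Pure-FTPd) parses passwd-format lines and reports the chroot directory and starting directory for each user. The sample lines other than mimi's are constructed, `trusted_gid` is a hypothetical parameter standing for the gid passed to "-a", and treating the first "/./" as the split point is an assumption.

```python
# Added example: report how Pure-FTPd would read the "/./" marker in passwd lines.
MARKER = "/./"

# Constructed sample; only the mimi line comes from the quoted documentation.
SAMPLE_PASSWD = """\
mimi:x:501:100:Mimi:/home/mimi/./public_html:/bin/zsh
bob:x:502:100:Bob:/home/bob:/bin/zsh
carol:x:503:200:Carol:/srv/ftp/carol/./:/sbin/nologin
"""

def split_home(home):
    """Return (chroot_dir, start_dir) when the marker is present, else None.

    Assumption: the first "/./" in the field is the one that counts.
    """
    head, sep, tail = home.partition(MARKER)
    if not sep:
        return None
    return (head or "/", tail.strip("/") or ".")

def audit(passwd_text, trusted_gid=None):
    """Return one finding per well-formed passwd line.

    trusted_gid is a hypothetical parameter: the gid given to the server's -a flag.
    """
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not fields[3].isdigit():
            continue  # skip blank, comment and malformed lines
        parts = split_home(fields[5])
        findings.append({
            "user": fields[0],
            "chroot": parts[0] if parts else None,
            "start": parts[1] if parts else None,
            # Quoted text: marker + trusted group = chrooted, no ratio, dot files.
            "trusted": trusted_gid is not None and int(fields[3]) == trusted_gid,
        })
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_PASSWD, trusted_gid=200):
        if f["chroot"] is None:
            print(f'{f["user"]}: no /./ marker, not chrooted by this rule')
        else:
            note = " (trusted group: no ratio, dot files allowed)" if f["trusted"] else ""
            print(f'{f["user"]}: chroot({f["chroot"]!r}), start in {f["start"]!r}{note}')
```

An account reported without a marker may still be confined by other server options such as "-a"; the script only evaluates the per-user rule.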