ftpd not chroot'ing
Gunther Mayer
gunther.mayer at googlemail.com
Thu Dec 11 11:30:44 PST 2008
Hi guys,

I'm trying to set up a really simple, single-account, write-only ftp
service. So I put

    ftpd_enable="YES"
    ftpd_flags="-o -d"

in my rc.conf and started the ftp server. Now I have a special
password-enabled user account called "camera" (none of the other accounts
have passwords, all logins are either remote ssh with keys or local
terminal access with root) with login shell /bin/sh.

So far so good. All I want to do now is use the chroot facility of
ftpd so that when user "camera" logs in ftpd will chroot the session to
its home directory (/home/camera). man ftpd and man ftpchroot tell me
to put something like

    camera yes

in /etc/ftpchroot. But once I do that I always get:

    $ ftp myserver.mydomain.com
    Connected to myserver.mydomain.com
    220 myserver FTP server (Version 6.00LS) ready.
    Name (mypc:test): camera
    331 Password required for camera.
    Password:
    550 Can't change root.
    Login failed.
    ftp> quit
    221 Goodbye.

If I disable that line in /etc/ftpchroot by commenting it out I can log
in perfectly fine though. Even debug log messages (-d) don't tell me
anything more than "can't change root" :-(

The alternative as stated by "man ftpd" - putting a ":ftp-chroot=true:"
in /etc/login.conf and doing a cap_mkdb /etc/login.conf - seems to make no
difference, as no chroot is in effect (I can still cd .. and get to /home).

What am I doing wrong?

Gunther

More information about the freebsd-questions mailing list