Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!newshost.telstra.net!kettle.magna.com.au!news.cs.su.oz.au!harbinger.cc.monash.edu.au!simtel!zombie.ncsc.mil!news.mathworks.com!tank.news.pipex.net!pipex!dispatch.news.demon.net!demon!kiss.demon.co.uk
From: phil@zipmail.co.uk (Phil Taylor)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: rsh , help please
Date: Thu, 19 Oct 1995 16:08:13 GMT
Organization: Lan Systems
Lines: 52
Message-ID: <814118963.755@kiss.demon.co.uk>
References: <464ghi$g1v@mippet.ci.com.au>
Reply-To: phil@zipmail.co.uk
NNTP-Posting-Host: kiss.demon.co.uk
X-NNTP-Posting-Host: kiss.demon.co.uk
X-Newsreader: Forte Free Agent 1.0.82

Ferry Winarta <ferryw@softplus.com.au> wrote:

>Hi all,

>I have a few questions :
>How to configure a user, to use restricted shell (rsh) in FreeBSD 2.0 ?
>If I configure a user to use rsh, can I ftp using this user. What I try
>to achieve is to have a ftp user who is restricted to his/her own home
>directory (like anonymous ftp).

The way I did it to allow users to modify their own homepages on our
web server without giving them access to the rest of the machine was:
at ~ line 457 in /src-home-dir/libexec/ftpd/ftpd.c, change guest = 0
to guest = 1, and then re-compile and re-install.

This has the effect of chroot'ing all ftp logins to the user's home
directory. They have to enter their valid password, although the
messages they get would seem like they are going in via anonymous;
this can be changed with a simple if (strcmp(name,"anonymous")) type
command to give proper messages.

The only problem that this causes is that you must either create a
link to /bin/sh or copy sh in a bin dir off all users' home dirs,
otherwise they won't be able to list any files in their home dir (not
necessarily a bad thing !!). Also ALL users are chrooted (even root);
this can be changed with another strcmp, i.e. set guest to 0 if user
is root.

I will probably get flamed as there is probably a better way of doing
this but who cares, it works for me 8-) If there is a better way
please tell me and I will use it. Also, if there is a way not to have
to sym link to ~user/bin/ls every time I would like to hear about it.

Cheers

Phil

>thanks in advance

>regards
>ferry