NAME
ftpchroot — list users and groups subject to FTP access restrictions
DESCRIPTION
The file ftpchroot is read by ftpd(8) at the beginning of an FTP session, after having authenticated the user. Each line in ftpchroot corresponds to a user or group. If a line in ftpchroot matches the current user or a group he is a member of, access restrictions will be applied to this session by changing its root directory with chroot(2) to that specified on the line or to the user's login directory.
The order of records in ftpchroot is important because the first match will be used. Fields on each line are separated by tabs or spaces.
The first field specifies a user or group name. If it is prefixed by an “at” sign, ‘@’, it specifies a group name; the line will match each user who is a member of this group. As a special case, a single ‘@’ in this field will match any user. A username is specified otherwise.
The optional second field describes the directory in which the user or each member of the group will be locked up using chroot(2). If it is omitted, the user's login directory will be used. If it is not an absolute pathname, then it will be relative to the user's login directory. If it contains the /./ separator, ftpd(8) will treat its left-hand side as the name of the directory to do chroot(2) to, and its right-hand side as the directory to change the current directory to afterwards.
FILES
- /etc/ftpchroot
EXAMPLES
These lines in ftpchroot will lock up the user “webuser” and each member of the group “hostee” in their respective login directories:
webuser
@hostee
And this line will tell ftpd(8) to lock up the user “joe” in /var/spool/ftp and then to change the current directory to /joe, which is relative to the session's new root:
joe /var/spool/ftp/./joe
And finally the following line will lock up every user connecting through FTP in his respective ~/public_html, thus lowering possible impact on the system from intrinsic insecurity of FTP:
@ public_html
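The matching and path rules above can be checked offline before deploying a file. The following is an added example, not code from ftpd(8): the function names are hypothetical, the handling of blank lines and '#' comments is an assumption, and the sample is the page's four example records plus one constructed record that first-match ordering makes unreachable.

```python
import posixpath

def records(lines):
    """Yield (line_no, name, path) per record; fields are split on tabs or spaces."""
    for n, raw in enumerate(lines, 1):
        fields = raw.split()
        # Assumption: blank lines and '#' comments are skipped (not stated on the page).
        if fields and not fields[0].startswith("#"):
            yield n, fields[0], fields[1] if len(fields) > 1 else ""

def resolve_chroot(lines, user, groups, home):
    """Return (chroot_dir, cwd_in_new_root) from the first matching record, else None."""
    for _, name, path in records(lines):
        if name == "@":                      # bare '@' matches any user
            hit = True
        elif name.startswith("@"):           # '@group' matches members of group
            hit = name[1:] in groups
        else:
            hit = name == user
        if not hit:
            continue
        root, _, cwd = path.partition("/./")  # left: chroot dir, right: dir to enter
        if not posixpath.isabs(root):         # relative (or omitted) => under login dir
            root = posixpath.join(home, root)
        # normpath is lexical only; symlinks are not resolved here.
        return posixpath.normpath(root), posixpath.normpath("/" + cwd.lstrip("/"))
    return None

def unreachable_records(lines):
    """Records that can never win: they follow a bare '@' or repeat an earlier name."""
    seen, catch_all, dead = set(), False, []
    for n, name, path in records(lines):
        if catch_all or name in seen:
            dead.append((n, name, path))
        seen.add(name)
        catch_all = catch_all or name == "@"
    return dead

# Constructed sample: the page's four example records plus one shadowed record.
SAMPLE = ["webuser", "@hostee", "joe\t/var/spool/ftp/./joe", "@ public_html",
          "joe /srv/other"]

if __name__ == "__main__":
    for user, groups in [("webuser", set()), ("bob", {"hostee"}), ("joe", set()),
                         ("alice", {"users"})]:
        print(user, resolve_chroot(SAMPLE, user, groups, "/home/" + user))
    print("unreachable:", unreachable_records(SAMPLE))
```

A user for whom resolve_chroot returns None matches no record, so no restriction from this file applies to that session.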