restricted ftp on solaris 8

Any way to limit an incoming ftp user's directory to just
his home directory and inside (like /usr/lib/rsh) on Solaris 8?

All I can see is no because in.ftpd implements its ftp protocol
without regard to cd-ing around the filesystem.

I hear Solaris 9 and Solaris 10 in.ftpd provide the capability
to restrict.

I don't want to switch to proftp nor wu-ftp and seek a solution
using Solaris 8 ftp/in.ftpd.

Stuart

Reply cracraft (14) 9/28/2005 8:54:41 PM

cracraft@cox.net wrote On 09/28/05 16:54,:
> Any way to limit an incoming ftp user's directory to just
> his home directory and inside (like /usr/lib/rsh) on Solaris 8?
> 
> All I can see is no because in.ftpd implements its ftp protocol
> without regard to cd-ing around the filesystem.
> 
> I hear Solaris 9 and Solaris 10 in.ftpd provide the capability
> to restrict.

That's because the ftp provided with S9 and up is WU-FTP, according to
Spectrum infodoc 82393.

> I don't want to switch to proftp nor wu-ftp and seek a solution
> using Solaris 8 ftp/in.ftpd.

I don't think you have a choice. Unless you want to upgrade to S9.

> 
> Stuart
> 

Reply ML 9/29/2005 1:32:14 PM


On Thu, 29 Sep 2005 09:32:14 -0400, ML Starkey <martha.starkey@sun.com> wrote:

>cracraft@cox.net wrote On 09/28/05 16:54,:
>> Any way to limit an incoming ftp user's directory to just
>> his home directory and inside (like /usr/lib/rsh) on Solaris 8?
>> 
>> All I can see is no because in.ftpd implements its ftp protocol
>> without regard to cd-ing around the filesystem.
>> 
>> I hear Solaris 9 and Solaris 10 in.ftpd provide the capability
>> to restrict.
>
>That's because the ftp provided with S9 and up is WU-FTP, according to
>Spectrum infodoc 82393.
>
>> I don't want to switch to proftp nor wu-ftp and seek a solution
>> using Solaris 8 ftp/in.ftpd.
>
>I don't think you have a choice. Unless you want to upgrade to S9.
>
>> 
>> Stuart
>> 

I struggled with this for years with Wu-ftp.  I finally made the move to proftp.
It works like a champ for locking down the directories without having to set up a
local bin/lib directory for each user.  It is very easy to set up on Solaris.
You can also have different transfer logs for each user.

http://www.proftpd.org/


Here is a snip from my config file:

<Anonymous /u/home/xyz>
  User                    xyz
  Group                   nogroup
  AnonRequirePassword     on
  AllowOverwrite          on
  TransferLog             /var/log/xyz.xfers
  <Limit MKD RMD>
    DenyAll
  </Limit>
</Anonymous>


<Anonymous /u/home/abc>
 User                    abc
 Group                   nogroup
 AnonRequirePassword     on
 AllowOverwrite          on
 TransferLog             /var/log/abc.xfers
 <Limit DELE APPE RNTO STOR WRITE CWD MKD RMD>
   DenyAll
 </Limit>
</Anonymous>

Gary Quiring

Reply Gary 9/30/2005 7:18:01 PM

Okay - I've heard several people suggest separate bin, lib, etc.
directories per-user.

Can you say what context this applies to?

I know of no way, with or without filesystem/sub-filesystem/directory,
to limit a user in Solaris 8 in.ftpd to the home directory or any other
directory.

The ftp server simply does not provide it and cannot be crow-barred
into it for that particular Solaris 8 in.ftpd.

Thanks,

Stuart

Reply cracraft 10/4/2005 8:05:42 PM

On 4 Oct 2005 13:05:42 -0700, cracraft@cox.net wrote:

>Okay - I've heard several people suggest separate bin, lib, etc.
>directories per-user.
>
>Can you say what context this applies to?
>
>I know of no way, with or without filesystem/sub-filesystem/directory,
>to limit a user in Solaris 8 in.ftpd to the home directory or any other
>directory.
>
>The ftp server simply does not provide it and cannot be crow-barred
>into it for that particular Solaris 8 in.ftpd.
>
>Thanks,
>
>Stuart
If you get ProFTP you can lock down a user account or all accounts to the
current directory with NO hassles.  Just change your /etc/inetd.conf file to use
the proftp binary for your FTP server.

inetd.conf:
ftp     stream  tcp     nowait  root    /usr/local/sbin/proftpd proftpd


Gary Quiring

Reply Gary 10/5/2005 6:42:01 PM
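
A server-wide lockdown of the kind described in the last reply, written as a proftpd.conf fragment. This is an added example, not part of the thread or of Gary's own config. It assumes ProFTPD's `DefaultRoot` directive is the mechanism meant, that the daemon is started from inetd as in the inetd.conf entry above, and a hypothetical group named `ftpjail`.

```apache
# proftpd.conf fragment (added example; the group name "ftpjail" is hypothetical)

ServerName      "restricted ftp"

# Must be "inetd" when proftpd is launched from /etc/inetd.conf;
# a "standalone" config will refuse to run under inetd.
ServerType      inetd
DefaultServer   on

# Unprivileged identity the daemon runs as when not handling a login
User            nobody
Group           nogroup
Umask           022

# Without DefaultRoot a logged-in user can CWD anywhere the filesystem
# permissions allow, which is the Solaris 8 in.ftpd behaviour the thread
# complains about.
#
# With it, proftpd chroot()s the session after authentication, so the
# user's home directory becomes "/" and "CWD .." cannot climb above it.
# No per-user bin/ or lib/ directories are needed.

# Jail only members of the ftpjail group; other accounts are unaffected.
DefaultRoot     ~ ftpjail

# To jail every account instead, use this in place of the line above:
# DefaultRoot   ~

# Keep jailed users from changing file modes inside the jail
<Limit SITE_CHMOD>
  DenyAll
</Limit>

TransferLog     /var/log/xferlog
```

To check the jail, log in as a member of the group: `pwd` should report `/`, and `cd ..` followed by `pwd` should still report `/`.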
