From: "Ben Kennish" <[EMAIL PROTECTED]>
> Hi all,
>
> Does anyone know exactly how the 'chrtftp' priv works? Has proftpd
> been patched to observe /etc/vsd/priv ?
>
Yep, some time ago I provided a patch for ProFTPd 1.2.4 which does this:

http://www.expio.co.nz/~sgarner/freevsd/rh72pkgs/SOURCES/proftpd-1.2.4-freevsd.patch

I notice there are a couple of newer versions of ProFTPd available now,
although both are just bugfix/feature releases, not security fixes. The
patch is very small so it would probably be trivial to update it if you
wanted to.

What it does is, if the user has chrtftp priv then they get jailed. If they
just have ftp priv, they don't. They always need the ftp priv to connect
(so jailed = ftp+chrtftp, normal = ftp).

In your /etc/pam.d/ftp file you will need a line like:

    auth required /lib/security/pam_vsd.so priv=ftp

> Also, what is the use for chrtftp priv - why not just add
>
> DefaultRoot ~ (username)
>
> to proftpd.conf?
>

The problem with that is it's a per-group setting rather than per-user, and
has to be maintained via the proftpd.conf file. I find it much more
convenient to allow jailed and non-jailed FTP per-user via the VSD privs,
keeping all user privileges together in one file.

-Simon

------------------------- The freeVSD Support List --------------------------
Subscribe: mailto:[EMAIL PROTECTED]?body=subscribe%20freevsd-support
Unsubscribe: mailto:[EMAIL PROTECTED]?body=unsubscribe%20freevsd-support
Archives: http://freevsd.org/support/mail-archives/freevsd-support
-----------------------------------------------------------------------------
