Hi Simon,

Thursday, August 29, 2002, 12:52:00 AM, you wrote:

> From: "Ben Kennish" <[EMAIL PROTECTED]>
>> Hi all,
>>
>> Does anyone know exactly how the 'chrtftp' priv works? Has proftpd
>> been patched to observe /etc/vsd/priv ?
>>

> Yep, some time ago I provided a patch for ProFTPd 1.2.4 which does this:
> http://www.expio.co.nz/~sgarner/freevsd/rh72pkgs/SOURCES/proftpd-1.2.4-freevsd.patch

> I notice there are a couple of newer versions of ProFTPd available now,
> although both are just bugfix/feature releases, not security fixes. The
> patch is very small so it would probably be trivial to update it if you
> wanted to.

> What it does is, if the user has chrtftp priv then they get jailed. If they
> just have ftp priv, they don't. They always need the ftp priv to connect (so
> jailed = ftp+chrtftp, normal = ftp).

> In your /etc/pam.d/ftp file you will need a line like:

> auth required /lib/security/pam_vsd.so priv=ftp

Thanks for the info.

>> Also, what is the use for chrtftp priv - why not just add
>>
>> DefaultRoot ~ (username)
>>
>> to proftpd.conf?
>>

> The problem with that is it's a per-group setting rather than per-user, and has
> to be maintained via the proftpd.conf file. I find it much more convenient
> to allow jailed and non-jailed FTP per-user via the VSD privs, keeping all
> user privileges together in one file.

OK, each to their own I suppose. ;) Nah, I suppose I agree actually, although being a power user (obviously), I like the power of things like "DefaultRoot ~/../../ ben" in proftpd.conf.

> -Simon

Kind Regards,

-- 
Ben Kennish [EMAIL PROTECTED]

------------------------- The freeVSD Support List --------------------------
Subscribe: mailto:[EMAIL PROTECTED]?body=subscribe%20freevsd-support
Unsubscribe: mailto:[EMAIL PROTECTED]?body=unsubscribe%20freevsd-support
Archives: http://freevsd.org/support/mail-archives/freevsd-support
-----------------------------------------------------------------------------
