On Fri, Mar 28, 2003 at 02:12:38PM -0800, David Davis wrote:
> Sam Phillips wrote:
> > Using a chroot you can do this. I've been using the jail tools which
> > make it easy to set stuff up:
> >
> > http://www.gsyc.inf.uc3m.es/~assman/jail/index.html
>
> In the proftpd configuration file, there is an option to automatically
> 'chroot' the user by setting "DefaultRoot ~". From a usability
> perspective, the user will logon with their username/password:hostname
> with whatever client and see "/" as their only directory choice.
>
> From the administrator's view, they just have to allow the user FTP
> access, and they will be set to go. No shell accounts to worry about
> ("/bin/false").
>
> The jail scripts mentioned above seem to create a subset of the
> directory structure to truly 'chroot' the user into their own space, but
> when they log in, they will see "/home/username" as their current
> directory. If they hit the 'up' button, they may get lost or confused.
>
> The administrator must create shell accounts, add the user to the jail,
> and somehow synchronize the password files if they change over time.
> Then, create a jail for each user? Share jail space between users? Who
> knows what the best answer is here.

My suggestion of jail was based on my previous suggestion of ssh. If
you are going to run FTP and that ftp daemon happens to be ProFTPd then you
really shouldn't use jail because it does it fine on its own.

The advantage of using jail (even in respect to ProFTPd) is that you
can (in theory) change which software you use to access your account and
the chroot will, for the most part, stay the same. Of course YMMV.

As for the synchronization of files inside and outside of the chroot tree,
I've been meaning to do some experiments with mount with the --bind
option. --bind is a new mount feature in 2.4.0 that allows you to
remount parts of the file hierarchy to different places at the same time,
which is handy inside of a chroot.

I use a Debian chroot with mount --bind on my home to do work on lnx-bbc
as described here:

http://lnx-bbc.org/chroot.html

Also the mount(8) manpage is a good place to look.

--
Sam Phillips <[EMAIL PROTECTED]> http://www.dasbistro.com
Reno Nevada
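
The bind-mount approach discussed above, as an added example that is not part of the original thread: a dry-run planner that prints the mount commands needed to expose host directories inside a chroot tree, with a read-only option. The helper name `bind_plan`, the jail path `/srv/jail` and the directories in the usage comment are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Prints the commands; it mounts nothing itself.
# Usage (constructed paths): bind_plan /srv/jail ro:/etc/skel rw:/home/alice
# Review the output, then run it as root.

# bind_plan JAIL MODE:DIR...   where MODE is rw or ro
bind_plan() {
    jail=${1%/}; shift
    # Validate every spec first so a bad one never yields a partial plan.
    for spec in "$@"; do
        mode=${spec%%:*}
        src=${spec#*:}
        case $mode in
            rw|ro) ;;
            *) echo "error: mode must be rw or ro: $spec" >&2; return 1 ;;
        esac
        case $src in
            /*) ;;
            *) echo "error: not an absolute path: $src" >&2; return 1 ;;
        esac
        # Refuse '..' and anything outside a conservative character set,
        # because the plan is meant to be fed to a root shell.
        case $src in
            *[!A-Za-z0-9/._-]*|*/../*|*/..)
                echo "error: unsafe path: $src" >&2; return 1 ;;
        esac
    done
    for spec in "$@"; do
        mode=${spec%%:*}
        src=${spec#*:}
        dst=$jail$src
        echo "mkdir -p $dst"
        echo "mount --bind $src $dst"
        # A bind mount starts with the source's options; mount(8) documents
        # a separate remount step to make the bound copy read-only.
        if [ "$mode" = ro ]; then
            echo "mount -o remount,bind,ro $src $dst"
        fi
    done
    return 0
}
```

Because a bind mount shows the same files at both paths, anything bound read-write into the jail is writable on the host too, so `ro` is the safer default for everything except the user's own data.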