Re: allowing access to a single directory
On 2003-02-16 09:30, Walter [EMAIL PROTECTED] wrote: I want to allow an anonymous FTP user to see a directory in another slice, so I put a symbolic link to it. But then anyone could access my entire file system by appending combinations of ../ to a path name; e.g. ls share/../. Is there a way to stop this by only allowing access to the linked directory and nothing more? Symlinks in anonymous FTP don't work, since anonymous ftp sessions are chrooted in the home directory of the `ftp' user. You should probably move the files in ~ftp/stuff and then symlink to ~ftp/stuff from other parts of your tree. - Giorgos To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: allowing access to a single directory
Giorgos Keramidas wrote: On 2003-02-16 09:30, Walter [EMAIL PROTECTED] wrote: I want to allow an anonymous FTP user to see a directory in another slice, so I put a symbolic link to it. But then anyone could access my entire file system by appending combinations of ../ to a path name; e.g. ls share/../. Is there a way to stop this by only allowing access to the linked directory and nothing more? Symlinks in anonymous FTP don't work, since anonymous ftp sessions are chrooted in the home directory of the `ftp' user. You should probably move the files in ~ftp/stuff and then symlink to ~ftp/stuff from other parts of your tree. The /var slice does not have enough space to hold these files. So it sounds like I need to find another solution (like move in another HD). Thanks. Walter To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: allowing access to a single directory
Walter wrote: Giorgos Keramidas wrote: On 2003-02-16 09:30, Walter [EMAIL PROTECTED] wrote: I want to allow an anonymous FTP user to see a directory in another slice, so I put a symbolic link to it. But then anyone could access my entire file system by appending combinations of ../ to a path name; e.g. ls share/../. Is there a way to stop this by only allowing access to the linked directory and nothing more? Symlinks in anonymous FTP don't work, since anonymous ftp sessions are chrooted in the home directory of the `ftp' user. You should probably move the files in ~ftp/stuff and then symlink to ~ftp/stuff from other parts of your tree. The /var slice does not have enough space to hold these files. So it sounds like I need to find another solution (like move in another HD). Thanks. You could always move the FTP directory to a slice that has room. -- Bill Moran Potential Technologies http://www.potentialtech.com To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: allowing access to a single directory
Bill Moran wrote: Walter wrote: Giorgos Keramidas wrote: On 2003-02-16 09:30, Walter [EMAIL PROTECTED] wrote: I want to allow an anonymous FTP user to see a directory in another slice, so I put a symbolic link to it. But then anyone could access my entire file system by appending combinations of ../ to a path name; e.g. ls share/../. Is there a way to stop this by only allowing access to the linked directory and nothing more? Symlinks in anonymous FTP don't work, since anonymous ftp sessions are chrooted in the home directory of the `ftp' user. You should probably move the files in ~ftp/stuff and then symlink to ~ftp/stuff from other parts of your tree. The /var slice does not have enough space to hold these files. So it sounds like I need to find another solution (like move in another HD). Thanks. You could always move the FTP directory to a slice that has room. Yes, I actually thought of that, but then I'd leave my (in this case) /usr slice vulnerable to being filled-up with ... junk. Unless I put in quotas, I suppose. Hmmm. I'll think on that; but I also have an HD which I'm not really using. To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message
Re: allowing access to a single directory
On 2003-02-16 16:54, Walter [EMAIL PROTECTED] wrote: You could always move the FTP directory to a slice that has room. Yes, I actually thought of that, but then I'd leave my (in this case) /usr slice vulnerable to being filled-up with ... junk. Unless I put in quotas, I suppose. Hmmm. I'll think on that; but I also have an HD which I'm not really using. One of the nice tricks that I've seen in use in anonymous FTP servers to avoid this problem was to mount a file of limited size as the server's /incoming directory. Anonymous users can still write files then, but they can only write a limited amount of data. In -stable, you'd use the vnconfig(8) utility. In -current, mdconfig(8). To Unsubscribe: send mail to [EMAIL PROTECTED] with unsubscribe freebsd-questions in the body of the message