[Solved] ftpd
hello to any1
just asking if ftpd service on FreeBSD has a config file
i use it a lot, it is a good service, but, if i need to "limit" users to browse just on ~ (home dir) i cannot find a solution 'cause i dunno if does exist a config file for the ftpd service
(as for example proftpd does)
any help please?
xer
SirDice
May 11th, 2009, 11:02
just asking if ftpd service on FreeBSD has a config file
i use it a lot, it is a good service, but, if i need to "limit" users to browse just on ~ (home dir) i cannot find a solution 'cause i dunno if does exist a config file for the ftpd service
(as for example proftpd does)
Nope, see ftpd.
Nope, see ftpd.
jeez i knew.. i thought was a forgotten feature.
pity
thanx a lot
xer
anomie
May 11th, 2009, 17:13
... i need to "limit" users to browse just on ~ (home dir)...
You may have already discovered this in the manpages, but all you need to do is add the user to be chrooted to /etc/ftpchroot.
You may have already discovered this in the manpages, but all you need to do is add the user to be chrooted to /etc/ftpchroot.
oh, yes, thank you for reminding me and for leaving a trace on the forum, i did read it and i also did some configurations about it, it works very well! :P
but i thought that there were some other features such as virtual users and so on.. that's why i asked if ftpd.config exists
anyway it is a good service too, i use it a lot :e
thanx
oh, yes, thank you for reminding me and for leaving a trace on the forum, i did read it and i also did some configurations about it, it works very well! :P
but i thought that there were some other features such as virtual users and so on.. that's why i asked if ftpd.config exists
anyway it is a good service too, i use it a lot :e
thanx
but... ftpd.conf does exist!
i found this:
http://www.freebsd.org/cgi/man.cgi?query=ftpd.conf&sektion=5&apropos=0&manpath=FreeBSD+7.2-RELEASE
but no examples on shares.... that's what i was looking for..
i have a 7.1 i'm going to make freebsd-update to see if share will be update
but... ftpd.conf does exist!
i found this:
http://www.freebsd.org/cgi/man.cgi?query=ftpd.conf&sektion=5&apropos=0&manpath=FreeBSD+7.2-RELEASE
but no examples on shares.... that's what i was looking for..
i have a 7.1 i'm going to make freebsd-update to see if share will be update
aw.. men.. this is totally absurd :(
http://www.nabble.com/docs-133468:-ftpd.conf(5)-mentions--usr-share-examples-ftpd-ftpd.conf,-which-does-not-exist-td22935157.html
how can is possible?
where i can find an example of it?
i don't wanna use NETBSD version ... :-(
DutchDaemon
May 11th, 2009, 23:02
ftpd.conf?
ftpd.conf?
yes, that is what i found, i wonder why there are no examples of it, so, i made one of them using man (5) but for a newbie?
i still wonder why even for latest 7.2-RELEASE this bug is still present...
edhunter
May 12th, 2009, 10:13
I had issues before with the default ftpd (/usr/libexec/ftpd), it doesn't respect ftpd.conf
http://www.freebsd.org/cgi/query-pr.cgi?pr=i386/128225
So in the base there is another ftpd daemon - lukemftpd (netbsd ftp server daemon) it respects all conf files - ftpd.conf, ftpchroot, ftpusers, login.conf, also in homedir .login_conf
I use it instead of default ftpd and so far I haven't had any problems with it.
I had issues before with the default ftpd (/usr/libexec/ftpd), it doesn't respect ftpd.conf
http://www.freebsd.org/cgi/query-pr.cgi?pr=i386/128225
So in the base there is another ftpd daemon - lukemftpd (netbsd ftp server daemon) it respects all conf files - ftpd.conf, ftpchroot, ftpusers, login.conf, also in homedir .login_conf
I use it instead of default ftpd and so far I haven't had any problems with it.
mmm... i'd like to use a "base" service, proftpd works very well but_is_not_freebsd_base
i'd like to use bandwidth control, so.. if ftpd does not "see" ftpd.conf.. this is a pity
anyway, instead ftpd, better to use pureftp or proftp...
but i still hope that ftpd will be revised soon.
thank you
xer
edhunter
May 12th, 2009, 10:52
I was about to use proftpd, because it is very "configurable", but a friend of mine with better skills advised me - better not use proftp, because of some security issues (I think they are already fixed). He told me about pure-ftpd and on one of my machines I tried it - it's good - it has bandwidth throttling and chrooting (little tricky).
Nokobon
June 24th, 2009, 21:52
Hello,
I know the thread is old but I got a similar problem with ftpd.
Is there still really no way ftpd can use the ftpd.conf-file?
My problem is, that I want to chroot ftp users to a specific directory, e.g. to a subdirectory of his home directory.
I know about the ftpchroot-file and used it so far, but it only restricts the user to his home directory.
So i tried to use ftpd.conf with the following entry:
chroot all /%d/ftp
So as I can't use ftpd.conf to chroot a user like this, is there any other way with ftpd?
xer
June 24th, 2009, 21:56
well, my answer is VERY "quick" so take it under your responsibility ;-)
if you want chroot a FTP you can change the path on /etc/passwd
as follow:
xer:*:1001:0:xer:/YOUR_PATH_HERE:/bin/sh
and yes, for my concern, i think that best way is to use "pure_ftp" even for a better "virtual users"
nor as you can see in this thread, you can use /etc/ftpchroot
http://forums.freebsd.org/showpost.php?p=23271&postcount=5
hope it help
Nokobon
June 25th, 2009, 10:47
Thanks for your quick suggestions.
if you want chroot a FTP you can change the path on /etc/passwd
as follow:
xer:*:1001:0:xer:/YOUR_PATH_HERE:/bin/sh
So, you mean I should just change the user's home directory to the desired directory and chroot the user with ftpchroot to it?
Well that's possible but not optimal I think.
The reason I wanted to restrict the ftp user to another directory unlike the actual home directory is that I don't want him to see all these configuration files.
Or does a chrooted directory have to contain files like .cshrc or is it possible to use a completely empty folder?
DutchDaemon
June 25th, 2009, 11:06
So i tried to use ftpd.conf with the following entry:
chroot all /%d/ftp
Could you try
%d/ftp
instead?
Nokobon
June 25th, 2009, 12:09
Could you try
%d/ftp
instead?
I already tried that before.
But ftpd demon does not respect ftpd.conf.
Nevertheless thanks for your suggestion...
DutchDaemon
June 25th, 2009, 12:17
You do know this?
/etc/ftpchroot
The file /etc/ftpchroot is used to determine which users will have their
session's root directory changed (using chroot(2)), either to the directory
specified in the ftpd.conf(5) chroot directive (if set), or to the
home directory of the user. If the file does not exist, the root directory
change is not performed.
Nokobon
June 25th, 2009, 12:27
Yes, I know...
As I said I use ftpchroot so far.
But it does not respect ftpd.conf and with ftpchroot alone it's only possible to restrict the user to its home directory, not to an arbitrary folder.
xer
June 25th, 2009, 14:00
Yes, I know...
As I said I use ftpchroot so far.
But it does not respect ftpd.conf and with ftpchroot alone it's only possible to restrict the user to its home directory, not to an arbitrary folder.
I totally disagree with what you wrote, sorry.
Did you make some tests?
Well, i'll do it for you.
Let's talk about FreeBSD 7.1-RELEASE
labs# cat /etc/passwd
(cutted text)
xer:*:1001:0:'xer':/home/xer:/bin/sh
as you can see, i just left passwd with home dir
labs# cat /etc/ftpchroot
xer /usr/home/xer/bubu
As you can see, i did restrict the user "xer" to see JUST
the "bubu" dir inside his home dir and with nothing inside.
Let's try a test with what you want, a DIR not inside HOME
labs# pwd
/
labs# mkdir bubu
labs# cd /bubu
labs# pwd
/bubu
labs# touch for_my_friend
labs# ls -la
total 4
drwxr-xr-x 2 root wheel 512 Jun 25 14:46 .
drwxr-xr-x 20 root wheel 512 Jun 25 14:46 ..
-rw-r--r-- 1 root wheel 0 Jun 25 14:48 for_my_friend
labs# cd ..
labs# ee /etc/ftpchroot
(make the right modifies example "xer /bubu/)
so "USER" "dir_chrooted"
labs# cat /etc/ftpchroot
xer /bubu
As you can see dir "bubu" is on main root and not inside
home dir
Try to make an ftp connection you can see just that dir and
home dir is untouched:
User: xer
331 Password required for xer.
Password:
230 User xer logged in, access restrictions apply.
ftp> ls -la
200 PORT command successful.
150 Opening ASCII mode data connection for '/bin/ls'.
total 4
drwxr-xr-x 2 0 0 512 Jun 25 14:46 .
drwxr-xr-x 2 0 0 512 Jun 25 14:46 ..
-rw-r--r-- 1 0 0 0 Jun 25 14:48 for_my_friend
226 Transfer complete.
ftp: 142 bytes received in 0,00secons 142000,00Kbyte/sec)
ftp>
As you can see it show the "content" of /bubu and not of /usr/home/xer/bubu
This look as a reasonable solution?
I think yes, it works.
;)
I suggest you to make some good tests, if you need some help any more, ask again.
xer
DutchDaemon
June 25th, 2009, 14:16
labs# cat /etc/ftpchroot
xer /usr/home/xer/bubu
Where did you get this from? It's not documented anywhere, as far as I can see.
xer
June 25th, 2009, 14:40
Where did you get this from? It's not documented anywhere, as far as I can see.
What? About bubu?
:) joking..
well, i started this thread, so i went around and around on google and i found this:
http://leaf.dragonflybsd.org/cgi/web-man?command=ftpchroot&section=5
it works, dragonfly is freebsd!
ftpd.conf as you know, it is impossible to get on FreeBSD, also i did find it on an OpenBSD CVS, but it is not fully working.
Anyway, it seems that "ftpd" on freebsd has been abandoned, so far ftpd.conf, so i use pure ftpd (on a production machine)
DutchDaemon
June 25th, 2009, 14:59
Well, it sucks to high heaven that this isn't documented in ftpchroot on FreeBSD. Would have saved a lot of people a lot of trouble. If it works for standard FreeBSD ftp, that is.
And I'm happy to say that it works (for /usr/libexec/ftpd). Quite an oversight for a FreeBSD man page!
DutchDaemon
June 25th, 2009, 15:38
Well, this is interesting! There is a correct man file for ftpchroot, but it's only in the source tree...
man /usr/src/libexec/ftpd/ftpchroot.5 (it's six years old!)
I tracked it down thanks to a PR filed back in 2006! I've filed another PR, linking the problem in this thread (and its solution) and the old PR. Hope the abominable documentation for ftpd will be revised from scratch soon.
P.S., there's also man /usr/src/libexec/ftpd/ftpd.8. Haven't checked it against ftpd.
xer
June 25th, 2009, 16:11
from:
http://www.freebsd.org/cgi/man.cgi?query=ftpchroot&sektion=5&apropos=0&manpath=FreeBSD+7.2-RELEASE
this part explain a little bit:
-------------
/etc/ftpchroot
The file /etc/ftpchroot is used to determine which users will have their
session's root directory changed (using chroot(2)), either to the directory
specified in the ftpd.conf(5) chroot directive (if set), or to the
home directory of the user. If the file does not exist, the root directory
change is not performed.
The syntax is similar to ftpusers, except that the class argument is
ignored. If there's a positive match, the session's root directory is
changed. No further comparisons are attempted after the first successful
match. This syntax is backward-compatible with the old syntax.
-------------
but it's a little bit.. it does not explain too much
better dragonfly..
i wonder why, FreeBSD FTP server service is not expanded...
i think that will be a good service more usable..
why i must install pureftpd or proftpd?
btw, i use pure 'cause i don't trust inetd/ftpd service that came with FreeBSD... :r
DutchDaemon
June 25th, 2009, 16:13
There's absolutely no mention whatsoever of the second field in /etc/ftpchroot being used as the new chroot directory.
Nokobon
June 25th, 2009, 16:25
Is the man-page going to be revised?
I don't know, all I can do is report the problem (again ..).
(Sorry, managed to confuse edit and quote buttons again ... says DutchDaemon ..)
xer
June 25th, 2009, 16:30
so I thought I have to use the chroot option in ftpd.conf, which did not work.
Nokobon, just a question, where did you get ftpd.conf? If i'm not in error, this file DOESN'T come with FreeBSD installation...
I'm in error?
xer
June 25th, 2009, 16:32
There's absolutely no mention whatsoever of the second field in /etc/ftpchroot being used as the new chroot directory.
Yes.. they wrote.. here:
---
The syntax is similar to ftpusers, except that the class argumen...
...
It's very clear.. :r
Maybe just ONLY for them! :(
DutchDaemon
June 25th, 2009, 16:36
That is not the same ... because ftpusers has nothing in the second field like a path or a directory; just class and directives stuff.
DutchDaemon
June 25th, 2009, 16:38
Nokobon, just a question, where did you get ftpd.conf? If i'm not in error, this file DOESN'T come with FreeBSD installation...
I'm in error?
There's a man file for it. Note: ftpusers and ftpchroot are also not installed by default, but there are man files for them in the base system, which leads to people installing them and using them according to the man file. And then everything starts to fall apart.
vivek
June 25th, 2009, 16:39
{pure/vs/pro}ftpd all have virtual user support. No need to create system user accounts. Personally, I prefer vsftpd. It has an amazing set of features and it is a really secure and fast ftp server. Turn on SSL and you are good to go. It also supports throttling, IP limiting, virtual ftp hosting and much more.
xer
June 25th, 2009, 20:16
{pure/vs/pro}ftpd all have virtual user support. No need to create system user accounts. Personally, I prefer vsftpd. It has an amazing set of features and it is a really secure and fast ftp server. Turn on SSL and you are good to go. It also supports throttling, IP limiting, virtual ftp hosting and much more.
yep! you got it, i like to manage quote too ;-)
again: i wonder why FreeBSD staff did not expanded native ftpd...
Nokobon
June 25th, 2009, 20:26
I don't know, all I can do is report the problem (again ..).
Sorry, but I'm a bit confused now...
Why is my original post deleted and why is there a quote of xer that I originally wrote in that deleted post?
DutchDaemon, did you do that?
xer
June 25th, 2009, 20:27
we are going OT, aren't we?
DutchDaemon
June 25th, 2009, 20:47
@Nokobon. sorry, even though the Edit button is now red, I still manage to use it instead of the Quote button sometimes.
Nokobon
June 25th, 2009, 21:12
@Nokobon. sorry, even though the Edit button is now red, I still manage to use it instead of the Quote button sometimes.
Oh, okay...
So I'll try to remember what I wrote in that post:
I said that as in the man-page the option to give a specific dir to ftpchroot isn't mentioned, I thought I have to use ftpd.conf...
Thank you, xer!
{pure/vs/pro}ftpd all have virtual user support. No need to create system user accounts. Personally, I prefer vsftpd. It has an amazing set of features and it is a really secure and fast ftp server. Turn on SSL and you are good to go. It also supports throttling, IP limiting, virtual ftp hosting and much more.
So the standard FreeBSD ftpd is the only one where you have to create system user accounts?
I just use it because in "Absolute FreeBSD" it's the only ftp-demon that is mentioned, but maybe I should use pure ftp or one of the others...
Nokobon, just a question, where did you get ftpd.conf? If i'm not in error, this file DOESN'T come with FreeBSD installation...
I'm in error?
I read in the manual pages about ftpd.conf and its possibility to chroot a user to an arbitrary directory.
And since the file wasn't at the expected place I created it...
Well I'm not completely happy with the solution with ftpchroot.
Although I can change the root directory with it, I can't use variables like %d.
I tried to chroot a whole group with
@ftpusers %d/ftp
but that does not work, so it's not an entire alternative to the (theoretical) possibility in ftpd.conf...
DutchDaemon
June 25th, 2009, 21:18
I don't know if it works, but you could try using $HOME/ftp.
Nokobon
June 25th, 2009, 21:30
I don't know if it works, but you could try using $HOME/ftp.
Nope...doesn't work.
vivek
June 26th, 2009, 07:07
So the standard FreeBSD ftpd is the only one where you have to create system user accounts?
I just use it because in "Absolute FreeBSD" it's the only ftp-demon that is mentioned, but maybe I should use pure ftp or one of the others...
I guess it is a bit outdated and may be overrated book ;) the best place to get more info is this forum or mailing list about any good server. Most UNIX experienced sys admins and freebsd developers hang out there.
HTH
Nokobon
June 26th, 2009, 09:11
Yes, sure...on the forums I learn very much.
But I think Absolute FreeBSD is a great resource for beginners, too.
Maybe without that book I would have given up early...
Nevertheless I'll see If I could get another ftp-daemon soon :)
DutchDaemon
June 26th, 2009, 10:49
Nope...doesn't work.
Well, then I guess you'll have to script it ;)
grep /home /etc/passwd | awk -F: '{print $1" "$6"/ftp"}' > /etc/ftpchroot
Nokobon
June 26th, 2009, 17:14
Well, okay. Thanks for your advice...
But I think I'm going to use Pure-FTP now. :)
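Added example (not part of the thread and not FreeBSD project code): the scripted approach suggested above as a /bin/sh function that matches on the passwd home-directory field, plus a check for /etc/ftpchroot entries like the %d/ftp and $HOME/ftp attempts that the thread reports do not work. The function names, the sample passwd lines and the temporary paths are constructed for illustration.

```sh
#!/bin/sh
# Added example, not code from the thread. Sample data below is constructed.

# gen_ftpchroot PASSWD_FILE SUBDIR
# Print "user dir" lines for accounts whose home directory (field 6, not just
# any field) is under /home or /usr/home, chrooting each to SUBDIR in it.
gen_ftpchroot() {
    awk -F: -v sub_dir="$2" '
        /^#/ { next }
        $6 ~ /^(\/usr)?\/home\// { print $1 " " $6 "/" sub_dir }
    ' "$1"
}

# lint_ftpchroot FILE
# Warn about second fields that cannot work as a chroot target; return 1 if
# any warning was printed. Assumption: "#" starts a comment, as in ftpusers.
lint_ftpchroot() {
    rc=0
    while read -r who dir rest; do
        case "$who" in ''|'#'*) continue ;; esac
        [ -z "$dir" ] && continue    # no second field: chroot to home
        case "$dir" in
            *%*|*\$*) echo "$who: '$dir' looks like a variable; the thread found none are expanded"; rc=1 ;;
            /*) [ -d "$dir" ] || { echo "$who: '$dir' is not a directory"; rc=1; } ;;
            *) : ;;                  # relative path: not checked here
        esac
    done < "$1"
    return $rc
}

# Constructed demo: the www line mentions /home only in its comment field.
demo=$(mktemp -d)
cat > "$demo/passwd" <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
xer:*:1001:0:xer:/home/xer:/bin/sh
www:*:80:80:serves /home pages:/nonexistent:/usr/sbin/nologin
EOF
gen_ftpchroot "$demo/passwd" ftp            # only xer qualifies
printf '%s\n' '@ftpusers %d/ftp' 'xer /bubu' > "$demo/ftpchroot"
lint_ftpchroot "$demo/ftpchroot" || true    # flags %d, and /bubu if absent
rm -rf "$demo"
```

Write the generated lines to a temporary file and run the check on it before moving it over /etc/ftpchroot, so a bad run never replaces a working file.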