ftpd

hello to any1

just asking if ftpd service on FreeBSD has a config file

i use it a lot, it is a good service, but, if i need to "limit" users to browse just on ~ (home dir) i cannot find a solution 'cause i dunno if does exist a config file for the ftpd service

(as for example proftpd does)

any help please?
xer
 
xer said:
just asking if ftpd service on FreeBSD has a config file

i use it a lot, it is a good service, but, if i need to "limit" users to browse just on ~ (home dir) i cannot find a solution 'cause i dunno if does exist a config file for the ftpd service

(as for example proftpd does)

Nope, see ftpd(8).
 
xer said:
... i need to "limit" users to browse just on ~ (home dir)...

You may have already discovered this in the manpages, but all you need to do is add the user to be chrooted to /etc/ftpchroot.
 
anomie said:
You may have already discovered this in the manpages, but all you need to do is add the user to be chrooted to /etc/ftpchroot.

oh, yes, thank you for remind me and for leave a trace on the forum, i did read it and i also i did some configurations about it, it works very well! :p

but i tought that there was some others features as virtual users and so on.. that's why i asked if exist about ftpd.config

anyway it is a good service too, i use it a lot :e
thanx
 
xer said:
oh, yes, thank you for remind me and for leave a trace on the forum, i did read it and i also i did some configurations about it, it works very well! :p

but i tought that there was some others features as virtual users and so on.. that's why i asked if exist about ftpd.config

anyway it is a good service too, i use it a lot :e
thanx
but... ftpd.conf does exist!

i found this:
http://www.freebsd.org/cgi/man.cgi?query=ftpd.conf&sektion=5&apropos=0&manpath=FreeBSD+7.2-RELEASE

but no examples on shares.... that's what i was looking for..
i have a 7.1 i'm going to make freebsd-update to see if share will be update
 
xer said:
but... ftpd.conf does exist!

i found this:
http://www.freebsd.org/cgi/man.cgi?query=ftpd.conf&sektion=5&apropos=0&manpath=FreeBSD+7.2-RELEASE

but no examples on shares.... that's what i was looking for..
i have a 7.1 i'm going to make freebsd-update to see if share will be update

aw.. men.. this is totally absurd :(
http://www.nabble.com/docs-133468:-...pd.conf,-which-does-not-exist-td22935157.html

how can is possible?
where i can find an example of it?
i don't wanna use NETBSD version ... :-(
 
DutchDaemon said:

yes, that is what i found, i wonder why there is not examples about, so, i made one of them using man (5) but for a new bee?

i'm still wonder why even for latest 7.2-RELEASE this bug is still present...
 
I had issues before with the default ftpd (/usr/libexec/ftpd), it doesnt respect ftpd.conf
http://www.freebsd.org/cgi/query-pr.cgi?pr=i386/128225

So in the base there is another ftpd daemon - lukemftpd (netbsd ftp server daemon) it respects all conf files - ftpd.conf, ftpchroot, ftpusers, login.conf, also in homedir .login_conf

I use it insted of default ftpd and so far i havent any problems with it.
 
  • Thanks
Reactions: xer
edhunter said:
I had issues before with the default ftpd (/usr/libexec/ftpd), it doesnt respect ftpd.conf
http://www.freebsd.org/cgi/query-pr.cgi?pr=i386/128225

So in the base there is another ftpd daemon - lukemftpd (netbsd ftp server daemon) it respects all conf files - ftpd.conf, ftpchroot, ftpusers, login.conf, also in homedir .login_conf

I use it insted of default ftpd and so far i havent any problems with it.

mmm... i had like to use a "base" service, proftpd works very well but_is_not_freebsd_base

i had like to use bandwidth control, so.. if ftpd does not "see" ftpd.conf.. this is a pity
anyway, instead ftpd, better to use pureftp or proftp...
but i still hope that ftpd will be revised soon.
thank you
xer
 
I was about to use proftpd, because it is very "configurable", but a friend of mine with better skills adviced me - better not use proftp, because of some security issues (I think they are already fixed). He told me about pure-ftpd and on one of my machines I tried it - its good - it has bandwith throttling and chrooting (little tricky).
 
  • Thanks
Reactions: xer
Hello,
I know the thread is old but I got a similar problem with ftpd.

Is there still really no way ftpd can use the ftpd.conf-file?

My problem is, that I want to chroot ftp users to a specific directory, e.g. to a subdirectory of his home directory.
I know about the ftpchroot-file and used it so far, but it only restricts the user to his home directory.
So i tried to use ftpd.conf with the following entry:
Code:
chroot all /%d/ftp

So as I can't use ftpd.conf to chroot a user like this, is there any other way with ftpd?
 
well, my answer is VERY "quick" so take it under your responsability ;-)

if you want chroot a FTP you can change the path on /etc/passwd
as follow:
xer:*:1001:0:xer:/YOUR_PATH_HERE:/bin/sh

and yes, for my concern, i think that best way is to use "pure_ftp" even for a better "virtual users"

nor as you can see in this thread, you can use /etc/ftpchroot
http://forums.freebsd.org/showpost.php?p=23271&postcount=5

hope it help
 
Thanks for your quick suggestions.

xer said:
if you want chroot a FTP you can change the path on /etc/passwd
as follow:
xer:*:1001:0:xer:/YOUR_PATH_HERE:/bin/sh
So, you mean I just should change the users home directory to the desired directory and chroot the user with ftpchroot to it?
Well that's possible but not optimal I think.
The reason I wanted to restrict the ftp user to another directory unlike the actual home directory is that I don't want him to see all these configuration files.
Or does a chrooted directory have to contain files like .cshrc or is it possible to use a completely empty folder?
 
You do know this?

Code:
   /etc/ftpchroot
     The file /etc/ftpchroot is used to determine [I]which users will have their
     session's root directory changed[/I] (using chroot(2)), either to the direc-
     tory specified in the ftpd.conf(5) chroot directive (if set), or to the
     home directory of the user.  If the file does not exist, the root direc-
     tory change is not performed.
 
Yes, I know...
As I said I use ftpchroot so far.

But it does not respect ftpd.conf and with ftpchroot alone it's only possible to restrict the user to it's home directory, not to an arbitrary folder.
 
Nokobon said:
Yes, I know...
As I said I use ftpchroot so far.

But it does not respect ftpd.conf and with ftpchroot alone it's only possible to restrict the user to it's home directory, not to an arbitrary folder.

I'm totally disagree about what you wrote, sorry.
Did you made some tests?

Well, i'll do it for you.
Let's talk about FreeBSD 7.1-RELEASE
Code:
labs# cat /etc/passwd
(cutted text)
xer:*:1001:0:'xer':/home/xer:/bin/sh
as you can see, i just leaved passwd with home dir

Code:
labs# cat /etc/ftpchroot
xer /usr/home/xer/bubu
As you can see, i did restrict the user "xer" to see JUST
the "bubu" dir inside his home dir and with nothing inside.

Let's try a test with what you want, a DIR not inside HOME

Code:
labs# pwd
/
labs# mkdir bubu
labs# cd /bubu
labs# pwd
labs# /bubu
labs# touch for_my_friend
labs# ls -la
total 4
drwxr-xr-x   2 root  wheel  512 Jun 25 14:46 .
drwxr-xr-x  20 root  wheel  512 Jun 25 14:46 ..
-rw-r--r--   1 root  wheel    0 Jun 25 14:48 for_my_friend
labs# cd ..
labs# ee /etc/ftpchroot
(make the right modifies example "xer /bubu/)
so "USER" "dir_chrooted"

labs# cat /etc/ftpchroot
labs# xer /bubu

As you can see dir "bubu" is on main root and not inside
home dir

Try to make an ftp connection you can see just that dir and
home dir is untouched:
Code:
User: xer
331 Password required for xer.
Password:
230 User xer logged in, access restrictions apply.
ftp> ls -la
200 PORT command successful.
150 Opening ASCII mode data connection for '/bin/ls'.
total 4
drwxr-xr-x  2 0  0  512 Jun 25 14:46 .
drwxr-xr-x  2 0  0  512 Jun 25 14:46 ..
-rw-r--r--  1 0  0    0 Jun 25 14:48 for_my_friend
226 Transfer complete.
ftp: 142 bytes received in 0,00secons 142000,00Kbyte/sec)
ftp>
As you can see it show the "content" of /bubu and not of /usr/home/xer/bubu

This look as a reasonable solution?
I think yes, it works.
;)

I suggest you to make some good tests, if you need some help any more, ask again.
xer
 
xer said:
Code:
labs# cat /etc/ftpchroot
xer /usr/home/xer/bubu

Where did you get this from? It's not documented anywhere, as far as I can see.
 
DutchDaemon said:
Where did you get this from? It's not documented anywhere, as far as I can see.

What? About bubu?
:) joking..

well, i started this thread, so i went around and around on google and i found this:

http://leaf.dragonflybsd.org/cgi/web-man?command=ftpchroot&section=5

it works, dragonfly is freebsd!

ftpd.conf as you know, it is impossible to get on FreeBSD, also i did found it on a OpenBSD CVS, but it is not fully working.

Anyway, it seems that "ftpd" on freebsd has been abandoned, so far ftpd.conf, so i use pure ftpd (on a production machine)
 
Well, it sucks to high heaven that this isn't documented in ftpchroot(5) on FreeBSD. Would have saved a lot of people a lot of trouble. If it works for standard FreeBSD ftp, that is.

And I'm happy to say that it works (for /usr/libexec/ftpd). Quite an oversight for a FreeBSD man page!
 
Well, this is interesting! There is a correct man file for ftpchroot, but it's only in the source tree...

[cmd=]man /usr/src/libexec/ftpd/ftpchroot.5[/cmd] (it's six years old!)

I tracked it down thanks to a PR filed back in 2006! I've filed another PR, linking the problem in this thread (and its solution) and the old PR. Hope the abominable documentation for ftpd will be revised from scratch soon.

P.S., there's also [cmd=]man /usr/src/libexec/ftpd/ftpd.8[/cmd]. Haven't checked it against ftpd(8).
 
from:
http://www.freebsd.org/cgi/man.cgi?query=ftpchroot&sektion=5&apropos=0&manpath=FreeBSD+7.2-RELEASE

this part explain a little bit:

-------------

/etc/ftpchroot
The file /etc/ftpchroot is used to determine which users will have their
session's root directory changed (using chroot(2)), either to the direc-
tory specified in the ftpd.conf(5) chroot directive (if set), or to the
home directory of the user. If the file does not exist, the root direc-
tory change is not performed.

The syntax is similar to ftpusers, except that the class argument is
ignored. If there's a positive match, the session's root directory is
changed. No further comparisons are attempted after the first successful
match. This syntax is backward-compatible with the old syntax.
-------------

but its a little bit.. i does not explain too much

better dragonfly..
i wonder why, FreeBSD FTP server service is not expanded...
i think that will be a good service more usable..

why i must install pureftpd or proftpd?
btw, i use pure 'cause i don't trhust inetd/ftpd service that came with FreeBSD... :r
 
Back
Top