>Questions:
>1: does anyone have a favourite ftpd that does this (perhaps via inode
>checking to prevent access to specific files)
The ftpd I run on most of my machines has screen-for-imbeciles
code in the retrieve command that looks like:
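    /* fragment from ftpd's retrieve(); needs <sys/types.h>, <sys/stat.h>, <syslog.h> */
    if (cmd == 0) {
        struct stat sb;
        ino_t savi;     /* inode of /etc/passwd */
        dev_t savd;     /* device holding /etc/passwd */

        if (stat("/etc/passwd", &sb) == 0) {
            savi = sb.st_ino;
            savd = sb.st_dev;
            if (stat(name, &sb) == 0) {
                /* same inode on the same device: the requested name is the password file */
                if (sb.st_ino == savi && sb.st_dev == savd) {
                    reply(550, "You cant have the password file");
    #ifdef STATS
                    syslog(LOG_NOTICE,
                        "REFUSED PASSWD FILE TO %s, %s",
                        stats_ruser, remotehost);
    #endif
                    goto done;
                }
            }
        }
    }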
It's also worth taking a look at ftpcmd.y and commenting
out anything that looks like you don't like it from "cmdtab" --
just change the 1 to 0 for the value of "implemented" to turn a
command off.
>2: is it sensible in the first place to wrap the entire ftpd in a chroot.
I think so, but then my bias is already known.
>3: is the second chroot any use at all, or is there a better way?
I doubt it helps. Our ftp user's home directory in ~ftp
is "/"
mjr.
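
The inode-and-device comparison from the reply above, written as a stand-alone added example; it is not part of the original post or of any ftpd source, and the function names and temporary paths are hypothetical. It goes one step beyond the posted fragment by checking the already-open descriptor with fstat() rather than the name, and the constructed demo shows that a hard link and a symlink to the protected file are both refused while an unrelated file is served.

```c
/* Added example; helper names are hypothetical, not from any ftpd source. */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* 1 if fd is the same file as protected_path, 0 if not, -1 on error. */
int fd_is_protected(int fd, const char *protected_path)
{
    struct stat want, got;
    if (stat(protected_path, &want) != 0 || fstat(fd, &got) != 0)
        return -1;
    return got.st_ino == want.st_ino && got.st_dev == want.st_dev;
}

/* Open name for retrieval; -1 if it is the protected file or the check fails.
 * fstat() on the descriptor checks the file that will actually be served. */
int open_for_retrieve(const char *name, const char *protected_path)
{
    int fd = open(name, O_RDONLY);
    if (fd < 0) return -1;
    if (fd_is_protected(fd, protected_path) != 0) {   /* match or error: fail closed */
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo in a temp dir: bit0 = hard link refused,
 * bit1 = symlink refused, bit2 = unrelated file served. */
int demo(void)
{
    char dir[] = "/tmp/inochkXXXXXX", p[4][64];
    const char *leaf[4] = { "secret", "other", "hard", "soft" };
    int i, fd, r = 0;
    if (!mkdtemp(dir)) return -1;
    for (i = 0; i < 4; i++) {
        snprintf(p[i], sizeof p[i], "%s/%s", dir, leaf[i]);
        if (i < 2) close(creat(p[i], 0600));   /* two distinct regular files */
    }
    if (link(p[0], p[2]) != 0 || symlink(p[0], p[3]) != 0) return -1;
    if (open_for_retrieve(p[2], p[0]) < 0) r |= 1;
    if (open_for_retrieve(p[3], p[0]) < 0) r |= 2;
    if ((fd = open_for_retrieve(p[1], p[0])) >= 0) { r |= 4; close(fd); }
    for (i = 0; i < 4; i++) unlink(p[i]);
    rmdir(dir);
    return r;
}
```

A copy of the protected file has its own inode, so this comparison does not recognise it.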