Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
FTPCHROOT(5)		    BSD	File Formats Manual		  FTPCHROOT(5)

     ftpchroot -- list users and groups	subject	to FTP access restrictions

     The file ftpchroot	is read	by ftpd(8) at the beginning of an FTP session,
     after having authenticated	the user.  Each	line in	ftpchroot corresponds
     to	a user or group.  If a line in ftpchroot matches the current user or a
     group he is a member of, access restrictions will be applied to this ses-
     sion by changing its root directory with chroot(2)	to that	specified on
     the line or to the	user's login directory.

     The order of records in ftpchroot is important because the	first match
     will be used.  Fields on each line	are separated by tabs or spaces.

     The first field specifies a user or group name.  If it is prefixed	by an
     "at" sign,	`@', it	specifies a group name;	the line will match each user
     who is a member of	this group.  As	a special case,	a single `@' in	this
     field will	match any user.	 A username is specified otherwise.

     The optional second field describes the directory for the user or each
     member of the group to be locked up in using chroot(2).  Be it omitted,
     the user's	login directory	will be	used.  If it is	not an absolute	path-
     name, then	it will	be relative to the user's login	directory.  If it con-
     tains the "/./" seprator, ftpd(8) will treat its left-hand	side as	the
     name of the directory to do chroot(2) to, and its right-hand side to
     change the	current	directory to afterwards.


     These lines in ftpchroot will lock	up the user "webuser" and each member
     of	the group "hostee" in their respective login directories:


     And this line will	tell ftpd(8) to	lock up	the user "joe" in
     /var/spool/ftp and	then to	change the current directory to	/joe, which is
     relative to the session's new root:

	   joe	   /var/spool/ftp/./joe

     And finally the following line will lock up every user connecting through
     FTP in his	respective ~/public_html, thus lowering	possible impact	on the
     system from intrinsic insecurity of FTP:

	   @	   public_html

     chroot(2),	group(5), passwd(5), ftpd(8).

BSD			       January 26, 2003				   BSD


Want to link to this manual page? Use this URL:

home | help