FTP user inside user

Post by dat » Thu, 09 Feb 2006 20:38:37


Hi,
I am trying to allow a user (Bob) to access (rw) a subdirectory of
Phil's home using ftp.
Phil is listed in the ftpchroot file.
How can I do this? (Even a link is welcome, since Google doesn't
return anything interesting.)
Thanks
dat

P.S. FreeBSD version is 4.9
P.S. the subdirectory accessed through ftp must be rw for both users,
Bob must see ONLY that subdirectory (a kind of chroot)
P.S. For Apache problems, all the users are members of the same group of
Apache (I don't know if this matters)
 
 
 

Post by Chris Petr » Fri, 10 Feb 2006 20:36:47


You can do this by adding each user to each user's group. Adding it to
ftpchroot just changes the root of the user's dir; it won't actually allow
them to go to the other person's dir. Or you could make a global dir and
add all into that, but that looks kind of ugly.

 
 
 

Post by bv » Sun, 12 Feb 2006 01:45:00

In article < XXXX@XXXXX.COM >,




The OP said 'Phil' is chrooted, but my interpretation was
that 'Bob' was not and needed to access files in Phil's directory.

I've stacked directories with chrooted users for a client where
the administrators come in at one level, and the users come in
at a level below them.

I'll just call them 'admin' and 'user' here.

Both admin and user have their own group GIDs in addition to UIDs.
And even the users could not write in the top couple of
subdirectories but could deeper down.

Admin gets their own directory. Users get their home chrooted
under admin.

That user directory is chmod'ed 571 in the admin directory
with UID belonging to user and GID to admin.

This gives admin full ability to read/write directories in the user
directory.

Then in the subdirectories where users can read/write, the
directories are 770, and in submission-only ones, where admin can read
them but user can submit them, the owner is 'user' and group
is 'admin' with permission of 370. So they can write but cannot
see what others have written.

So with the correct permissions and ownership you can really narrow
things down.

All of the above were ftp only sites - with the shell being
/bin/false - copied over from /usr/bin/false so all shells
would be in the same directory.

Bill
--
Bill Vermillion - bv @ wjv . com
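
The permission scheme described in the post above, as an added example that is not part of the thread: `dir_access` decodes what the owner, group and everyone else can do in a directory with a given three-digit mode, and `apply_layout` builds the 571/770/370 tree. The directory names `user`, `shared` and `incoming` are assumptions, and the `chown` step is left as a comment because it needs root.

```shell
#!/bin/sh
# Added example (not from the thread). On a directory the bits mean:
#   r = list names, w = create/delete entries (only effective with x), x = enter.

# dir_access MODE CLASS -> capabilities CLASS gets from a three-digit MODE
dir_access() {
    mode=$1
    case $2 in
        owner) d=${mode%??} ;;
        group) d=${mode#?}; d=${d%?} ;;
        other) d=${mode#??} ;;
        *) echo "unknown class: $2" >&2; return 2 ;;
    esac
    out=
    if [ $((d & 4)) -ne 0 ]; then out="$out list"; fi
    # Write permission without search permission cannot create or delete anything.
    if [ $((d & 2)) -ne 0 ] && [ $((d & 1)) -ne 0 ]; then out="$out write"; fi
    if [ $((d & 1)) -ne 0 ]; then out="$out enter"; fi
    out=${out# }
    echo "${out:-none}"
}

# apply_layout ROOT -> build the stacked tree under ROOT (names are assumptions)
apply_layout() {
    root=$1
    mkdir -p "$root/user/shared" "$root/user/incoming" || return 1
    chmod 770 "$root/user/shared"    # both user and admin read/write
    chmod 370 "$root/user/incoming"  # user can submit but not list; admin reads
    chmod 571 "$root/user"           # user's chroot top: user r-x, admin rwx
    # On the real server, as root: chown -R user:admin "$root/user"
}

# Report for the three modes in the post: owner is 'user', group is 'admin'.
for m in 571 770 370; do
    printf '%s  user: %-17s admin: %-17s other: %s\n' "$m" \
        "$(dir_access "$m" owner)" "$(dir_access "$m" group)" \
        "$(dir_access "$m" other)"
done
```

The 370 line shows why the submission directory works as a drop box: the owner gets `write enter` but not `list`, while the group keeps full access.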