Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> Re: slightly OT: Way to prevent FTP users from changing dirs?

Re: slightly OT: Way to prevent FTP users from changing dirs?

From: Paul Drake <paled_at_home.com>
Date: Wed, 12 Sep 2001 09:31:36 -0700
Message-ID: <F001.0038BA53.20010912084022@fatcity.com>

jail.

Once you have "jailed" the user, they cannot navigate above that point in the filesystem.

SysAdmin Magazine runs articles such as this topic. In the May 2001 issue, the article "Securing FreeBSD Using Jail" covered this for FreeBSD.
Unfortunately, the article is not available online.

Here is a link into the Linux Documentation project for jailing the BIND process:

http://www.linuxdoc.org/HOWTO/Chroot-BIND8-HOWTO-2.html

Here is an article (google) for solaris:

http://www.bpfh.net/simes/computing/chroot-break.html http://pdd.sourceforge.net/faq/proftpdfaq-5.html

http://packetstormsecurity.org/UNIX/security/ - click on jail_1.8.tar.gz

hth,

Paul

Jay Weinshenker wrote:
>
> Solaris 2.6
>
> Any hints on how to do this?
>
> I can prevent them from being able to telnet in, but once they ftp in, they
> can go pretty much anywhere...
>
> I've been told in the past that you could prevent a FTP user from being
> able to leave the directory they start off in, but I have no idea how to
> implement this.. hints?
>
> And please, don't start telling me about setting/removing no world
> permissions on a directory... that's not what I'm talking about.
>
> J
>

-- 
Please see the official ORACLE-L FAQ: http://www.orafaq.com
-- 
Author: Paul Drake
  INET: paled_at_home.com

Fat City Network Services    -- (858) 538-5051  FAX: (858) 538-5051
San Diego, California        -- Public Internet access / Mailing Lists
--------------------------------------------------------------------
To REMOVE yourself from this mailing list, send an E-Mail message
to: ListGuru_at_fatcity.com (note EXACT spelling of 'ListGuru') and in
the message BODY, include a line containing: UNSUB ORACLE-L
(or the name of mailing list you want to be removed from).  You may
also send the HELP command for other information (like subscribing).
Received on Wed Sep 12 2001 - 11:31:36 CDT

Original text of this message

HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US