Restricted FTP

Gary Weimer 588-0953 weimer at garden.kodak.COM
Tue Mar 12 04:55:14 AEST 1991


In article <91065.181715GUTEST6 at cc1.kuleuven.ac.be>,
GUTEST6 at cc1.kuleuven.ac.be (Kris Van Hees) writes:
|> We are installing a restricted user system, for local users who want to
|> download.  Now, these users are placed in a restricted shell, to avoid
|> security problems.  Although it isn't a problem, there might be a leak
|> through FTP (we just don't know).  To decrease this chance we are looking
|> for a restricted version of FTP.  Is such existing and where?

Assuming you mean you want a restricted FTP for users to ftp FROM your
machine:
Normal FTP can be a problem because users can use the ! to run anything
in the Bourne shell (or the shell specified by the environment variable SHELL).
IF you have source, a quick fix would be to put a return at the top of
the function used to execute shell commands (printing an error message is
optional). lcd and other commands may also be a problem. Forcing users
to ftp TO your machine (limit access to ftp) could avoid all these
problems.

Assuming you mean you want a restricted FTP for users to ftp TO your
machine:
You actually want a restricted ftpd (the ftp daemon). As mentioned by
someone else, you can use anonymous ftp for this. In my case, I
wanted anonymous ftp AND I wanted to restrict a specific user who I also
required a password from. To accomplish this, I set the guest flag to
true after getting the password for that account (this requires source
code). This causes the ftpd to perform the chroot for this account as
well as anonymous ftp.

weimer at ssd.kodak.com ( Gary Weimer )
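
The ftpd change described in the message above, as an added C example; it is not Gary Weimer's code or taken from any ftpd source. The account name `dluser`, the `restricted_users` list and the function names are assumptions made for illustration.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* glibc: declares chroot() and initgroups() */
#endif
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Constructed policy: password accounts to confine like anonymous ftp.
 * "dluser" is a hypothetical account name. */
static const char *const restricted_users[] = { "dluser", NULL };

/* Return 1 if the session gets the guest (chroot) treatment: anonymous
 * always, a listed account only once its password has been verified. */
int is_guest(const char *name, int authenticated)
{
    size_t i;
    if (strcmp(name, "ftp") == 0 || strcmp(name, "anonymous") == 0)
        return 1;
    if (!authenticated)
        return 0;
    for (i = 0; restricted_users[i] != NULL; i++)
        if (strcmp(name, restricted_users[i]) == 0)
            return 1;
    return 0;
}

/* Confine a guest session to its home directory, then drop root.
 * Group lookup needs /etc/group, so it runs before chroot(); chroot()
 * needs root, so the uid switch comes last. Returns 0 on success and
 * -1 on any failure, in which case the caller must end the session. */
int confine_session(const struct passwd *pw)
{
    if (initgroups(pw->pw_name, pw->pw_gid) != 0)
        return -1;
    if (chroot(pw->pw_dir) != 0 || chdir("/") != 0)
        return -1;
    if (setgid(pw->pw_gid) != 0 || setuid(pw->pw_uid) != 0)
        return -1;
    if (pw->pw_uid != 0 && setuid(0) == 0)
        return -1;          /* root could be regained: fail closed */
    return 0;
}

int main(void)
{
    printf("dluser after password: guest=%d\n", is_guest("dluser", 1));
    return 0;
}
```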


