Re: Proposed modification to ftpd

From: Peter Ross
Date: Sat, 13 Jan 2001 18:27:27 +0100 (MET)


Next week I have to change an FTP server.

I read the thread starting with the message from
Fernando Schapachnik on Fri, 29 Dec 2000
13:29:45 -0300 (ART)

> I just submitted PR bin/23944, which contains a patch against
> 4.2R ftpd to add the following functionality to chrooted users: The
> user's home dir is split by the first '/./'. The first part is
> used to chroot, and the second to chdir (eg,
> '/usr/local/www/data/site/./htdocs', means chroot to
> /usr/local/www/data/site, and then chdir to htdocs).
> The reason I consider it (somehow) security related is that
> it is meant to simplify migration from (usually
> remote-root-exploitable) wu-ftpd, which uses the same syntax.

I want to migrate (for security reasons).

I wish that the user doesn't see /etc or /bin after login, because some of them
are using scripts to receive data. These scripts could have instructions like "mput
*". There are more than one or two users and I don't like Monday telephone calls
"It doesn't work". Some users are confused by the smallest changes.

I created a home directory owned by the FTP account and used /etc/ftpchroot.
Fortunately ls is an integrated part of ftpd - no bin directory necessary. Also
there's no etc. According to the man page I only see uids (no names because
there is no passwd database) but I think that isn't a problem. At the moment I
can't see other problems. It seems to work.

> ~ftp Make the home directory owned by ``root'' and unwritable
> by anyone.

Hmmh. Now the home directory is 775 (a different user with the same gid moves the
files in our network or from it).

Would you prefer my way to migrate wu-ftpd -> ftpd rather than implement the
"*/./*" syntax? Any risks?

Peter Ross
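
As an added illustration (not part of the original mail or of the patch in PR bin/23944), this C example splits a passwd home field at the first '/./' as the quoted text describes and checks the resulting chroot directory against the man page rule quoted in the mail. The function names, the BAD_* flags and the choice of "/" when no marker is present are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/stat.h>

#define BAD_OWNER    1  /* chroot directory is not owned by root */
#define BAD_WRITABLE 2  /* a write bit is set on the chroot directory */

/* Length of the chroot part: text before the first "/./", else whole string. */
size_t chroot_len(const char *home)
{
    const char *mark = strstr(home, "/./");
    return mark ? (size_t)(mark - home) : strlen(home);
}

/* Path to chdir() to inside the new root; "/" without a marker (assumed). */
const char *chdir_part(const char *home)
{
    const char *mark = strstr(home, "/./");
    return mark ? mark + 2 : "/";
}

/* Man page rule quoted in the mail: owned by root, unwritable by anyone. */
int check_root_perms(uid_t owner, mode_t mode)
{
    return (owner != 0 ? BAD_OWNER : 0) |
           ((mode & (S_IWUSR | S_IWGRP | S_IWOTH)) ? BAD_WRITABLE : 0);
}

/* stat() the chroot part of home: -1 on error, else a BAD_* mask. */
int audit_home(const char *home)
{
    char root[1024] = "/";          /* "/./x" chroots to "/" */
    struct stat st;
    size_t n = chroot_len(home);
    if (n >= sizeof root)
        return -1;
    if (n > 0)
        snprintf(root, sizeof root, "%.*s", (int)n, home);
    return stat(root, &st) != 0 ? -1 : check_root_perms(st.st_uid, st.st_mode);
}

int main(int argc, char **argv)
{   /* Constructed default: the home directory from the quoted PR text. */
    const char *home = argc > 1 ? argv[1] : "/usr/local/www/data/site/./htdocs";
    printf("chroot=%.*s chdir=%s audit=%d\n", (int)chroot_len(home), home,
           chdir_part(home), audit_home(home));
    return 0;
}
```

A 775 directory owned by the FTP account, as in the mail, makes check_root_perms return BAD_OWNER | BAD_WRITABLE.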
