10.2 and ftpchroot

steve bosell · 08-05-2002, 03:31 PM

Has anyone else noticed that users in /etc/ftpchroot can no longer log in to your 10.2 box? (error 500 can't change root) It looks like that the ftp server is now ftpd, I just want to restrict ftp users to their home folder, whats up?

steve bosell · 08-08-2002, 01:25 AM

has anyone else had this problem?

AKcrab · 08-08-2002, 01:32 AM

I would expect a much larger response after 8/24, no?

heik_77 · 09-13-2002, 05:28 PM

Same to me ...after creating the ftpchroot file to restrict users...
every restricted user gets an error....

550 Can't change root.

rusty · 10-09-2002, 09:34 AM

Has anyone worked around this? Or go so far as to rebuild ftpd from the source with a patch?

Rusty

spoot · 10-09-2002, 10:41 AM

This is indeed broken since 10.2

rusty · 10-09-2002, 10:48 AM

OK, this page describes in detail how to rebuild ftpd from a previous copy of the Darwin source. It states that the rebuilt copy will once again allow ftpchroot to work as expected.

The one thing that worries me is that the "broken" version of ftpd in 10.2 was patched to address Darwin bug number 2882158, and the author of the above linked page states that he has not seen a description of that particular bug.

So by following the above procedure, and "fixing" ftpd by building a previous version, you have to assume the risk of reintroducing a bug whose seriousness or security risk is not described.

Anyone who has access to the Darwin bugtracker able to take a peek at #2882158?

Rusty

heik_77 · 10-09-2002, 11:18 AM

I have installed ProFTPd FTP Server Daemon 1.2.4
It's pretty much the same. ftpchroot works fine for me under 10.2.1.
ProFTPd is an open source, GPL FTP server daemon designed to replace the standard Unix FTP daemon in either inetd or standalone mode.

08-05-2002, 03:31 PM	#1
steve bosell Prospect Join Date: Aug 2002 Posts: 3	10.2 and ftpchroot Has anyone else noticed that users in /etc/ftpchroot can no longer log in to your 10.2 box? (error 500 can't change root) It looks like that the ftp server is now ftpd, I just want to restrict ftp users to their home folder, whats up?

10-09-2002, 11:18 AM	#8
heik_77 Prospect Join Date: Aug 2002 Posts: 15	ProFTPd FTP Server Daemon _-_ 1.2.4 I have installed ProFTPd FTP Server Daemon 1.2.4 It's pretty much the same. ftpchroot works fine for me under 10.2.1. ProFTPd is an open source, GPL FTP server daemon designed to replace the standard Unix FTP daemon in either inetd or standalone mode.

08-08-2002, 01:25 AM	#2
steve bosell Prospect Join Date: Aug 2002 Posts: 3	has anyone else had this problem?

08-08-2002, 01:32 AM	#3
AKcrab MVP Join Date: Jan 2002 Location: Wasilla, AK Posts: 1,043	I would expect a much larger response after 8/24, no?

09-13-2002, 05:28 PM	#4
heik_77 Prospect Join Date: Aug 2002 Posts: 15	Same to me ...after creating the ftpchroot file to restrict users... every restricted user gets an error.... 550 Can't change root.

10-09-2002, 09:34 AM	#5
rusty Triple-A Player Join Date: Jan 2002 Posts: 84	Has anyone worked around this? Or go so far as to rebuild ftpd from the source with a patch? Rusty

10-09-2002, 10:41 AM	#6
spoot Prospect Join Date: Jan 2002 Posts: 2	This is indeed broken since 10.2

10-09-2002, 10:48 AM	#7
rusty Triple-A Player Join Date: Jan 2002 Posts: 84	OK, this page describes in detail how to rebuild ftpd from a previous copy of the Darwin source. It states that the rebuilt copy will once again allow ftpchroot to work as expected. The one thing that worries me is that the "broken" version of ftpd in 10.2 was patched to address Darwin bug number 2882158, and the author of the above linked page states that he has not seen a description of that particular bug. So by following the above procedure, and "fixing" ftpd by building a previous version, you have to assume the risk of reintroducing a bug whose seriousness or security risk is not described. Anyone who has access to the Darwin bugtracker able to take a peek at #2882158? Rusty