user who can only ftp


bdog
04-04-2001, 03:02 PM
I have a mandrake 7 box that I host some personal webpages on. Anyway, a buddy wants to put his webpage on there. I created him a directory and manually put the page there. It is working fine but I would like to give him ftp access so that he can modify it whenever he wants. However I only want him to have access to his directory and I don't want him to be able to log in at the terminal or via telnet. I am using wu-ftp. Any ideas on how to do this?

John_Doh
04-04-2001, 04:21 PM
Give his account a nonexistent shell, like "/bin/dildoshell", to deny him telnet/ssh and terminal access. Remember to add the false shell to "/etc/shells".
You can change his shell by either using the "chsh" command or manually editing "/etc/passwd".
To give him access to his own home dir only is a bit worse. Then the ftp server has to run in a chrooted jail.
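
An added example, not part of the original post or of wu-ftpd: a check for the setup described in the reply above, reporting whether an account's shell is listed in the shells file (so an ftpd that consults /etc/shells accepts the login) yet cannot start an interactive session. The function names, the sample accounts and the shell paths ending in `-example` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify an account the way the advice above intends.
#   ftp-only     shell is listed in the shells file but cannot start a session
#   interactive  shell is listed and is a real executable (terminal/telnet login works)
#   no-ftp       shell is not listed, so an ftpd that checks /etc/shells refuses the user
#   unknown      no such user in the passwd file
classify_account() {   # usage: classify_account PASSWD_FILE SHELLS_FILE USER
    entry=$(awk -F: -v u="$3" '$1 == u { print "found:" $7; exit }' "$1")
    [ -n "$entry" ] || { echo unknown; return 0; }
    shell=${entry#found:}
    [ -n "$shell" ] || shell=/bin/sh      # empty shell field means /bin/sh
    # Skip comment lines, then require an exact whole-line match.
    if ! grep -v '^[[:space:]]*#' "$2" | grep -qxF -- "$shell"; then
        echo no-ftp; return 0
    fi
    case $shell in                        # assumption: common no-login programs
        /bin/false|/sbin/nologin|/usr/sbin/nologin) echo ftp-only; return 0 ;;
    esac
    if [ -f "$shell" ] && [ -x "$shell" ]; then echo interactive; else echo ftp-only; fi
}

# Constructed sample data; the shell paths ending in -example are placeholders.
make_sample() {        # usage: make_sample DIR
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
buddy:x:501:501:web buddy:/home/buddy:/bin/ftponly-example
locked:x:502:502::/home/locked:/bin/not-listed-example
blank:x:503:503::/home/blank:
EOF
    cat > "$1/shells" <<'EOF'
# constructed /etc/shells
/bin/sh
/bin/ftponly-example
EOF
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
for u in root buddy locked blank; do
    printf '%s: %s\n' "$u" "$(classify_account "$demo_dir/passwd" "$demo_dir/shells" "$u")"
done
rm -rf "$demo_dir"
```

To audit a live host, call `classify_account /etc/passwd /etc/shells USER` for each account that should be FTP-only.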

johnwebb
04-04-2001, 08:13 PM
Proftpd will chroot users by default: http://www.proftpd.net

Restricting telnet access
http://www.landfield.com/wu-ftpd/ftponly/ftponly.html

jemfinch
04-04-2001, 09:01 PM
If you run wuftpd, I swear, I'll find where you live and pop a cap in your ***.

Use bsd-ftpd. Unlike wuftpd, it doesn't give away root every three hours or so.

<rant>
IT'S SO FSCKING ANNOYING THAT DISTRIBUTIONS STILL SHIP WUFTPD!

</rant>

Jeremy

Golden_Eternity
04-06-2001, 01:24 AM
Just to alleviate some people's fears about wu-ftpd...

There have been two advisories for wu since December 1999. SITE EXEC from June 2000 and the debug mode hostname format string vulnerability from January. If you're not running in debug mode, and the server you use to resolve hostnames isn't under the control of an attacker, then that second one shouldn't worry you too much.

In this time, proftpd has had a few denial of service vulnerabilities and that setproctitle() format string hole, and bsd ftpd had that vulnerability that ruined OpenBSD's record... I couldn't tell you what other holes they had because, well, I don't run them so I don't always pay attention. ;)

There's a somewhat (read: highly) controversial idea that while proftpd and bsd ftpd are both open source, they don't have the user base that wu does, so they don't get the kind of attention that wu does, therefore it's to be expected that wu will have more advisories.

This theory suggests that were the other ftp daemons to be put to the same level of scrutiny that wu has been put through, a comparable number of vulnerabilities would be unearthed.

While some people will tell you that wu is about the dumbest thing you can run, wu actually isn't that bad... Two years ago it would have been very dangerous; there is some foundation for people's fears... But these days wu is doing pretty well.

There are a few reasons that some distros ship (and use, despite popular opinion) wu; it has some nice features that not all other ftp daemons have... like being able to gzip a directory on the fly for download. And there are the issues over BSD license vs GPL...

We may see some distros start shipping proftpd as it becomes more popular, but it seems that most have chosen not to include bsd ftpd for some reason or other.

[ 06 April 2001: Message edited by: Golden_Eternity ]