{"id":167,"date":"2013-02-19T23:07:29","date_gmt":"2013-02-19T22:07:29","guid":{"rendered":"\/wordpress\/?p=167"},"modified":"2013-02-23T10:23:42","modified_gmt":"2013-02-23T09:23:42","slug":"chrooting-ftp-users","status":"publish","type":"post","link":"\/wordpress\/freebsd\/chrooting-ftp-users\/","title":{"rendered":"Chrooting FTP users"},"content":{"rendered":"<p>The built-in FTP daemon in FreeBSD is able to lock users into restricted directories by using chroot, and it is simple to set up.<\/p>\n<p>There is a standard group called <code>ftp<\/code> with group id 14. Let&#8217;s create another group called <code>ftpchroot<\/code> as well.<\/p>\n<pre><code>pw groupadd ftpchroot -g 15<\/code><\/pre>\n<p>Then create the file area the user will be restricted to.<\/p>\n<pre><code>mkdir \/usr\/local\/ftpchroot\r\nchgrp ftpchroot \/usr\/local\/ftpchroot\r\n<\/code><\/pre>\n<p>Create the user. Note the <code>\/.\/<\/code> in the user&#8217;s home directory: the path before it is the chroot directory, and the path after it is the directory the user is placed in after login. By setting the home directory permissions to 700, ftpchroot users cannot peek into each other&#8217;s directories.<\/p>\n<pre><code># adduser\r\nUsername: ftpuser\r\nFull name: Ftpuser\r\nUid (Leave empty for default): \r\nLogin group [ftpuser]: ftpchroot\r\nLogin group is ftpchroot. Invite ftpuser into other groups? []:\r\nLogin class [default]:\r\nShell (sh csh tcsh bash rbash nologin) [sh]: nologin\r\nHome directory [\/home\/ftpuser]: \/usr\/local\/ftpchroot\/.\/ftpuser\r\nHome directory permissions (Leave empty for default): 700\r\nUse password-based authentication? [yes]:\r\nUse an empty password? (yes\/no) [no]:\r\nUse a random password? (yes\/no) [no]:\r\nEnter password:\r\nEnter password again:\r\nLock out the account after creation? [no]:\r\nUsername   : ftpuser\r\nPassword   : *****\r\nFull Name  : Ftpuser\r\nUid        : 1001\r\nClass      :\r\nGroups     : ftpchroot\r\nHome       : \/usr\/local\/ftpchroot\/.\/ftpuser\r\nHome Mode  : 700\r\nShell      : \/usr\/sbin\/nologin\r\nLocked     : no\r\nOK? (yes\/no): yes\r\nadduser: INFO: Successfully added (ftpuser) to the user database.\r\nAdd another user? (yes\/no): no\r\nGoodbye!<\/code><\/pre>\n<p>For the user to be able to log in through FTP, <code>\/usr\/sbin\/nologin<\/code> must be added to <code>\/etc\/shells<\/code>. Be aware that this applies to every account whose shell is <code>\/usr\/sbin\/nologin<\/code>, not only the ftpchroot users. The file <code>\/etc\/ftpchroot<\/code> determines which users are given restricted FTP access. It contains a list of users and\/or groups, where a group is written by prefixing its name with an @ character.<\/p>\n<pre><code>@ftpchroot<\/code><\/pre>\n<p>To properly map uids to user names inside the chroot, a couple of steps remain.<\/p>\n<pre><code>mkdir \/usr\/local\/ftpchroot\/etc<\/code><\/pre>\n<p>Create a dummy passwd file for all ftpchroot users (the password field is set to <code>*<\/code>, so no password hashes end up inside the chroot), generate a passwd database from it, and copy the system group file into the chroot&#8217;s <code>etc<\/code>.<\/p>\n<pre><code># Collect every account in the ftpchroot group (gid 15) into a\r\n# master.passwd-style file with the password field set to *\r\nwhile IFS=: read user x uid gid x; do\r\n  if [ \"$gid\" = \"15\" ]; then\r\n    echo \"$user:*:$uid:$gid::::::\" &gt;&gt; \/tmp\/passwd\r\n  fi\r\ndone &lt; \/etc\/passwd\r\n\r\n# Build the password databases inside the chroot; pwd_mkdb installs\r\n# the input file as master.passwd in the target directory\r\npwd_mkdb -d \/usr\/local\/ftpchroot\/etc \/tmp\/passwd\r\n# ftpd only needs passwd and pwd.db inside the chroot, so drop the rest\r\nrm \/usr\/local\/ftpchroot\/etc\/master.passwd\r\nrm \/usr\/local\/ftpchroot\/etc\/spwd.db\r\ncp \/etc\/group \/usr\/local\/ftpchroot\/etc\r\nchmod 555 \/usr\/local\/ftpchroot\/etc\r\nchmod 444 \/usr\/local\/ftpchroot\/etc\/*<\/code><\/pre>\n<p>After adding the following to <code>\/etc\/rc.conf<\/code>, start the daemon with <code>\/etc\/rc.d\/ftpd start<\/code>.<\/p>\n<pre><code>ftpd_enable=\"YES\"\r\nftpd_flags=\"-llD\"<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>The built-in FTP daemon in FreeBSD is able to lock users in secured directories by using chroot and is really simple to 
set up. There is a standard group called ftp with the groupid 14. Let&#8217;s make another group called ftpchroot as well. pw groupadd ftpchroot -g 15 Then create a file area where the user should be <span class=\"ellipsis\">&hellip;<\/span> <span class=\"more-link-wrap\"><a href=\"\/wordpress\/freebsd\/chrooting-ftp-users\/\" class=\"more-link\"><span>Read More &rarr;<\/span><\/a><\/span><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[14],"tags":[42,31,40,41],"_links":{"self":[{"href":"https:\/\/wp.strahlert.net\/wordpress\/wp-json\/wp\/v2\/posts\/167"}],"collection":[{"href":"https:\/\/wp.strahlert.net\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wp.strahlert.net\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wp.strahlert.net\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/wp.strahlert.net\/wordpress\/wp-json\/wp\/v2\/comments?post=167"}],"version-history":[{"count":9,"href":"https:\/\/wp.strahlert.net\/wordpress\/wp-json\/wp\/v2\/posts\/167\/revisions"}],"predecessor-version":[{"id":189,"href":"https:\/\/wp.strahlert.net\/wordpress\/wp-json\/wp\/v2\/posts\/167\/revisions\/189"}],"wp:attachment":[{"href":"https:\/\/wp.strahlert.net\/wordpress\/wp-json\/wp\/v2\/media?parent=167"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wp.strahlert.net\/wordpress\/wp-json\/wp\/v2\/categories?post=167"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wp.strahlert.net\/wordpress\/wp-json\/wp\/v2\/tags?post=167"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}