[Steve Bosell]

After installing jag, users in /etc/ftpchroot can no longer ftp in, they get error 500 can not change root. What the heck, how do I restrict users to their home directory?

[sahara]

This is the second time I've seen Steve post a topic for this. I am also worried about it too, although I don't consider it a huge problem. If no one knows the answer, is anyone at least investigating or have an idea where we might get an explanation? Thanks.

[Brit Ben]

Originally posted by Steve Bosell:
After installing jag, users in /etc/ftpchroot can no longer ftp in, they get error 500 can not change root. What the heck, how do I restrict users to their home directory?

As root, can you execute a chroot / command from the shell ? If not, there may be problems with chroot itself... If you can, then perhaps the ftp got screwed during the 10.2 sanity checking.

Ben.

[gorgonzola]

Originally posted by Brit Ben:


As root, can you execute a chroot / command from the shell ? If not, there may be problems with chroot itself... If you can, then perhaps the ftp got screwed during the 10.2 sanity checking.

Ben.

No, chroot seems to work fine. I haven't tested it with ftp explicitly, but the chroot command itself doesn't blow up. Sounds like an ftpd issue.

[Alex Duffield]

Still no answers?? I really need this to work!!

If I find somthing, I'll post it back here.

[kvm_mkdb]

Originally posted by Steve Bosell:
After installing jag, users in /etc/ftpchroot can no longer ftp in, they get error 500 can not change root. What the heck, how do I restrict users to their home directory?

ftpd is crippled. download the source from ftp://ftp.netbsd.org/pub/NetBSD/misc/lukemftp/ and compile it yourself.

[BigMac2]

Every time I'm trying to compile lukemftpd 1.1 I got:


gcc -I. -I./.. -I. -I.. -I./../libukem -g -O2 -c -o conf.o conf.c
conf.c: In function `count_users':
conf.c:952: `F_TLOCK' undeclared (first use in this function)
conf.c:952: (Each undeclared identifier is reported only once
conf.c:952: for each function it appears in.)
conf.c:999: `F_ULOCK' undeclared (first use in this function)
make[1]: *** [conf.o] Error 1
make: *** [ftpd] Error 2

Someone got any clue?

[kvm_mkdb]

Originally posted by BigMac2:
Every time I'm trying to compile lukemftpd 1.1 I got:


gcc -I. -I./.. -I. -I.. -I./../libukem -g -O2 -c -o conf.o conf.c
conf.c: In function `count_users':
conf.c:952: `F_TLOCK' undeclared (first use in this function)
conf.c:952: (Each undeclared identifier is reported only once
conf.c:952: for each function it appears in.)
conf.c:999: `F_ULOCK' undeclared (first use in this function)
make[1]: *** [conf.o] Error 1
make: *** [ftpd] Error 2

Someone got any clue?

either configure with:

Code:
env CFLAGS='-no-cpp-precomp' ./configure

or use the 1.2 beta (which works great)

[furtheraway]

i'm not a unix newbie, but i'm a little new to compiling. i am, however, familiar with the concept.

i downloaded the lukemftpd 1.2 beta source and i read the documentation. i've got the 10.2 dev tools installed, no problem there.

i ran configure, and it found gcc.. no errors. then i ran make and it appears to have done its thing.

now the instructions in the INSTALL file say to run 'make install' .. but all i get is "install is up to date".

so i'm guessing that i need to alter the directions a bit for os x. i've read the install-sh script and i think that's the next step, but i'm not sure about the syntax to use. i just need a nudge in the right direction here.. anyone care to tell me what i'm doing wrong?

[kvm_mkdb]

Originally posted by furtheraway:

now the instructions in the INSTALL file say to run 'make install' .. but all i get is "install is up to date".

hehehe there is an 'INSTALL' file in the lukemftpd directory - when you tell make to 'make install' it sees that file and (due to the case-insensitive filesystem) it thinks 'install is there, no need to make it again'. This is a shortcoming of 'make'.

Either rename the INSTALL file to INSTALL.txt or just copy the src/ftpd file where MacOSX expects it, in /usr/libexec (I reccomend the latter, but backup the original /usr/libexec/ftpd first).

[furtheraway]

kvm_mkdb, thank you very much! i can't believe i didn't think of that.

i copied the new ftpd from /src to /usr/libexec (after backing up the old ftpd) and i verified that ftpd reports lukemftpd 1.2 beta 2 when logging in. the only problem i'm having now is that ftpd seems to ignore ftpchroot completely. any user listed in ftpchroot can log in, but they are no longer restricted to their home directories.

my ftpchroot file is in /etc and lists users like it should:

aardvark
buffalo
condor
dolphin

i'm sure this is just a configuration issue.. so i'll probably figure it out soon, but if you have any pointers, please pass them along.

thanks again!

[kvm_mkdb]

Originally posted by furtheraway:

my ftpchroot file is in /etc and lists users like it should

ahem.. didn't think of that.

By deafult it wants to live in /usr/local, so it expects the config files to be in /usr/local/etc/

Either copy ftpchroot there or reconfigure the sources with the option --sysconfdir=/etc and reinstall

[furtheraway]

ok, that makes sense. it also explains why i had to manually copy the new ftpd to /usr/libexec. make had already copied the new stuff to /usr/local/.. if i'd paid more attention during the install, i would have seen that. :o

i think i'll reconfigure and install again with the sysconfdir option. for some reason, i'd like to keep that stuff in /etc. unless, of course, there's a reason i shouldn't do that.

thank you so much for your help.

[Steve Bosell]

I am a total novice, any help would be appreciated. I downloaded lukemftpd 1.2 beta, changed to that directory on my desktop,
typed ./configure it did its thing
typed make it did its thing again
renamed ftpd to ftpd.old in /usr/libexec
copied ftpd from the lukemftpd-1.2-beta2 folder on my desktop to /usr/libexec
rebooted and ftp doesn't work,
tried ftpd -r and got command not found
tried to sudo make install it did its thing
rebooted and it still doesn't work
It looks like the ftp server is not starting up, in the sharing control panel ftp is grayed out, should it be grayed out if ftpd is installed correctly? please help

[kvm_mkdb]

Originally posted by Steve Bosell:
It looks like the ftp server is not starting up, in the sharing control panel ftp is grayed out, should it be grayed out if ftpd is installed correctly?

If ftp in the control panel is grayed out something must be wrong.

Try putting the old one back first, and verify that is working correctly.
Assuming you unpacked lukemftpd on your desktop, type the following:

Code:
sudo cp /usr/libexec/ftpd /usr/libexec/ftpd.orig
sudo cp ~/Desktop/lukemftpd-1.2-beta2/src/ftpd /usr/libexec/ftpd

And then try toggling the 'ftp' checkbox in the control panel (no need to restart).

[Steve Bosell]

got it workin'! it was user error. Thanks for everyone's help

[Jadey]

I've followed the instructions here, but I can't manually copy the file ftpd into /usr/libexec from the lukemftpd src directory on my desktop, since there is no file with that name. There is a file called just "ftp". I tried coping that and renaming it, however, when I try to log in, I get the error:

ftpd: illegal option -- l

What can be done?

[Alex Duffield]

is all his still needed in 10.2.1???

[Jadey]

Yes, ftpd was not one of the things listed as being updated in the 10.2.1 update. Also, chroot still does not work for me with 10.2.1 without updating lukemftpd (although I havne't been able to update it so far)

[Jadey]

Got it working using lukemftpd version 1.2-beta2. Problem was I was trying to use a newer version than that. Beta2 worked though. Thanks all!

[WAW401]

Thanks everyone, installing lukemftp 1.2 beta2 worked for me as well. It hasn't been mentioned here yet, but the syntax for chrooting groups has changed from the ftpd in 10.1.x.

In 10.1.x ftpd's chroot file you could chroot an entire group with "@groupname". The new man page for ftpchroot is kind of hard to figure out, but "*:groupname" works.

I needed this because I have OS X client serving up various virtual web sites, corporate email (CommunigatePro), and I had all members of the staff group able to log-in via FTP and be chrooted to the same FileShare space. (You have to change the "home" entry in the NetInfoDB for these members. I just added them to the NetInfoDB via the command line with the minimal entries necessary to allow AFP & FTP log-in.)

[JNI]

There is an article about this problem here:

http://www.chezludo.com/ftpchroot.html

He supplies a pre-built binary for anyone that is having trouble building it from the source. I installed it and ftpchroot is now working correctly for me.

I'm a bit concerned about the hack here because there is no info on what the change is and how it may affect security etc. But it seems to work and has been posted for a while and I imagine that if anyone had found problems with it the site would mention that. But YMMV ...