1.\" Copyright (c) 2003 FreeBSD Project 2.\" All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 16.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 23.\" SUCH DAMAGE. 24.\" 25.\" $FreeBSD$ 26.\" 27.Dd January 26, 2003 28.Dt FTPCHROOT 5 29.Os 30.Sh NAME 31.Nm ftpchroot 32.Nd list users and groups subject to FTP access restrictions 33.Sh DESCRIPTION 34The file 35.Nm 36is read by 37.Xr ftpd 8 38at the beginning of an FTP session, after having authenticated the user. 39Each line in 40.Nm 41corresponds to a user or group. If a line in 42.Nm 43matches the current user or a group he is a member of, 44access restrictions will be applied to this 45session by changing its root directory with 46.Xr chroot 2 47to that specified on the line or to the user's login directory. 48.Pp 49The order of records in 50.Nm 51is important because the first match will be used. 52Fields on each line are separated by tabs or spaces. 53.Pp 54The first field specifies a user or group name. 55If it is prefixed by an 56.Qq at 57sign, 58.Ql \&@ , 59it specifies a group name; 60the line will match each user who is a member of this group. 61As a special case, a single 62.Ql \&@ 63in this field will match any user. 64A username is specified otherwise. 65.Pp 66The optional second field describes the directory for the user 67or each member of the group to be locked up in using 68.Xr chroot 2 . 69Be it omitted, the user's login directory will be used. 70If it is not an absolute pathname, then it will be relative 71to the user's login directory. 72If it contains the 73.Qq \&/./ 74seprator, 75.Xr ftpd 8 76will treat its left-hand side as the name of the directory to do 77.Xr chroot 2 78to, and its right-hand side to change the current directory to afterwards. 79.Sh FILES 80.Bl -tag -width /etc/ftpchroot -compact 81.It Pa /etc/ftpchroot 82.El 83.Sh EXAMPLES 84These lines in 85.Nm 86will lock up the user 87.Qq webuser 88and each member of the group 89.Qq hostee 90in their respective login directories: 91.Bd -literal -offset indent 92webuser 93@hostee 94.Ed 95.Pp 96And this line will tell 97.Xr ftpd 8 98to lock up the user 99.Qq joe 100in 101.Pa /var/spool/ftp 102and then to change the current directory to 103.Pa /joe , 104which is relative to the session's new root: 105.Bd -literal -offset indent 106joe /var/spool/ftp/./joe 107.Ed 108.Pp 109And finally the following line will lock up every user connecting 110through FTP in his respective 111.Pa \&~/public_html , 112thus lowering possible impact on the system 113from intrinsic insecurity of FTP: 114.Bd -literal -offset indent 115@ public_html 116.Ed 117.Sh SEE ALSO 118.Xr chroot 2 , 119.Xr group 5 , 120.Xr passwd 5 , 121.Xr ftpd 8 . 122