ftpd not chroot'ing

Nguyen Tam Chinh unixvn at gmail.com
Fri Dec 12 07:01:17 PST 2008

On Fri, Dec 12, 2008 at 2:58 AM, Gunther Mayer
<gunther.mayer at googlemail.com> wrote:
> Hi guys,
> I'm trying to set up a really simple, single account write only ftp service.
> So I put
> ftpd_enable="YES"
> ftpd_flags="-o -d"
> in my rc.conf and started the ftp server. Now I have a special password
> enabled user account called "camera" (none of the other accounts have
> passwords, all logins are either remote ssh with keys or local terminal
> access with root) with login shell /bin/sh.
> So far so good. All I want to do now is now use the chroot facility of ftpd
> so that when user "camera" logs in ftpd will chroot the session to its home
> directory (/home/camera). man ftpd and man ftpchroot tells me to put
> something like
> camera   yes
> in /etc/ftpchroot. But once I do that I always get:
> $ ftp myserver.mydomain.com
> Connected to myserver.mydomain.com
> 220 myserver FTP server (Version 6.00LS) ready.
> Name (mypc:test): camera
> 331 Password required for camera.
> Password:
> 550 Can't change root.
> Login failed.
> ftp> quit
> 221 Goodbye.
> If I disable that line in /etc/ftpchroot by commenting it out I can log in
> perfectly fine though. Even debug log messages (-d) don't tell me anything
> more than "can't change root" :-(
> The alternative as stated by "man ftpd" - putting a ":ftp-chroot=true:" in
> /etc/login.conf and doing a cap_mkdb /etc/login.conf seems to make no
> difference as no chroot is in effect (I can still cd .. and get to /home).
> What am I doing wrong?
> Gunther
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"

Try to put just username there, no need to put "yes".

With best regards,
Chinh Nguyen

FreeBSD - The Power to Serve

More information about the freebsd-questions mailing list