From owner-FreeBSD-users-jp@jp.freebsd.org  Sun Nov  8 16:41:24 1998
Received: (from daemon@localhost)
	by jaz.jp.freebsd.org (8.9.1+3.0W/8.7.3) id QAA16644;
	Sun, 8 Nov 1998 16:41:24 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from pixy.issp.u-tokyo.ac.jp (pixy.issp.u-tokyo.ac.jp [157.82.115.45])
	by jaz.jp.freebsd.org (8.9.1+3.0W/8.7.3) with SMTP id QAA16637
	for <FreeBSD-users-jp@jp.freebsd.org>; Sun, 8 Nov 1998 16:41:21 +0900 (JST)
	(envelope-from ueta@pixy.issp.u-tokyo.ac.jp)
Received: (qmail 28751 invoked from network); 8 Nov 1998 07:41:47 -0000
Received: from p03-dn04inage.chiba.ocn.ne.jp (HELO localhost) (210.225.249.68)
  by pixy.issp.u-tokyo.ac.jp with SMTP; 8 Nov 1998 07:41:47 -0000
To: FreeBSD-users-jp@jp.freebsd.org
Cc: ueta@pixy.issp.u-tokyo.ac.jp
In-Reply-To: Your message of "Sun, 8 Nov 1998 15:04:08 +0900"
	<000601be0add$995cd280$a776a1d2@pc-1.takezo.co.jp>
References: <000601be0add$995cd280$a776a1d2@pc-1.takezo.co.jp>
X-Mailer: Mew version 1.93 on Emacs 19.28 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Message-Id: <19981108164151Z.ueta@pixy.issp.u-tokyo.ac.jp>
Date: Sun, 08 Nov 1998 16:41:51 +0900
From: Ueta Masateru <ueta@pixy.issp.u-tokyo.ac.jp>
X-Dispatcher: imput version 980905(IM100)
Lines: 134
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+980914
X-Sequence: FreeBSD-users-jp 34855
Subject: [FreeBSD-users-jp 34855] ftpchroot
 =?ISO-2022-JP?B?GyRCJE5AX0RqGyhC?=(RE:
 =?ISO-2022-JP?B?GyRCSC85VCQ3JD8lZiE8JTYhPCRLGyhC?=
 root =?ISO-2022-JP?B?GyRCJEokSSRyOCskOyQ/JC8kSiQkGyhC?= )
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org

こんにちは植田です。
From: "Hirose Takenori" <namaadmin@mail.takezo.co.jp>
Subject: [FreeBSD-users-jp 34854] RE: 発行したユーザーに root などを見せたくない
Date: Sun, 8 Nov 1998 15:04:08 +0900
Message-ID: <000601be0add$995cd280$a776a1d2@pc-1.takezo.co.jp>
namaadmin> $B$=$3$G!"3'$5$s$K$*4j$$$7$?$$$N$G$9$,!"=i?4<TE*$J<ALd$K(B
namaadmin> $B$J$C$F$7$^$7$^$9$,!"0l$+$iA4$F$N$d$jJ}$r65$($F2<$5$$!#(B
namaadmin> $B%m%0%$%s%f!<%6!<L>!!(Bhirose
namaadmin> $B!J(Bhttp://www.takezo.co.jp/~hirose/$B$N(Bhirose$B!K(B
namaadmin> /usr/home/hirose$B$r%k!<%H$9$k!#(B
namaadmin> $B%f!<%6!<$,%[!<%`%Z!<%8$N%G!<%?$r3JG<$9$k$H$3$m$O!"(Bpublic_html

廣瀬さんがされている質問は、以前と同じ質問なので「ftpchroot って設定が
難しいのかな」と思い自分でもちょっと試してみました。

$B$A$J$_$K(B OS $B$O(B FreeBSD(98)-2.2.6Rel $B$G$9!#$^$?!"@_Dj$9$k(B username $B$r(B 
sakura $B$H$7$^$7$?!#(B
1.vipw $B$G(B hoge $B$rDI2C!#<($9I,MW$O$J$$$H$O;W$C$?$N$G$9$,!"0l1~DI2C$7$?(B
$B%(%s%H%j$r<!$K=q$$$F$*$-$^$9!#(B

---vipw $B$GJT=8$7$?:]$KDI2C$7$?J8>O(B
sakura::10000:10000::0:0:Kinomoto Sakura:/home/sakura:/bin/sh
----$B$3$3$^$G(B
2.root $B$K$J$C$?$^$^$G(B passwd sakura $B$H$7$F(B sakura $B$5$s$N(B password $B$r@_(B
$BDj$7$F$"$2$^$9!#$3$l$r$7$J$$$H!"(Bftp $B$G(B login $B$G$-$^$;$s!#(B
#1 $B$+$i(B 2 $B$^$G$O0lHLE*$J(B ftp account $B$NM?$(J}$K$J$j$^$9!#(B

3./etc/ftpchroot $B$H$$$&%U%!%$%k$r:n$C$F$"$2$F!"$=$NCf$K(B ftp $B$r$7$?;~$K(B 
chroot $B$5$l$k$h$&$K$7$?$$(B user $B$r;XDj$7$^$9!#:#2s$N>l9g$O!"(Bsakura $B$5$s(B
$B$G$9$N$G<!$N9T$,DI2C$5$l$^$9!#(B
--/etc/ftpchroot $B$NDI2C@_Dj(B
sakura
--$B$3$3$^$G(B
$B0J>e$G(B ftp $B$r$7$?$H$-$K(B chroot $B$5$l$k$h$&$K$J$j$^$9!#(B

でも、これだけでは ftp の service を受けるという場合不具合が発生してし
まいます。何故なら、chroot されてしまうと /home/sakura が / と看倣され
ることになるからです。ftp は ls と入力された時に、/bin/ls を使って 
directory の情報を提供してくれますが、chroot されると ftp は
/home/sakura/bin/ls を使って directory の情報を提供しようとしてしまい
ます。一般に /home/sakura/bin/ls は存在していないはずなので、ls の結果
は返ってきません。これではちょっと不便ですし、また chroot が正しく設定
されているのかも分かりません。
#/home/sakura/bin/sl は入っていたりするときがあるけど :-)
ということで、次の設定が必要になります。

4.sakura $B$5$s$N(B home directory $B$G(B
mkdir bin ;chmod 111 bin
#111 $B$O$"$^$j0UL#$,L5$$$H$O;W$$$^$9$,(B

5.cp /bin/ls /home/sakura/bin $B$H$7$F(B copy 

$B0J>e$G(B ftp sakura $B$H$7$F$_$F(B sakura $B$5$s$G(B login $B$9$k$H!"(Bchroot $B$5$l$F(B 
/home/sakura $B$,(B / $B$H$J$C$FI=<($5$l$F$$$k$H;W$$$^$9!#(B

以下はおまけになります。

$B0J>e$N@_Dj$G(B chroot $B$NI,MW:GDc8B$N@_Dj$O=*N;$J$s$G$9$,!"(Bls $B$N7k2L$,(B
drwxr-xr-x   2 1000  1000       512 Oct  32 26:30 tmp
$B$H$$$&$h$&$K$J$C$F(B gid $B$H$+(B uid $B$,$=$N$^$^I=<($5$l$F$$$FH~$7$/$"$j$^$;(B
$B$s!#$3$l$r2r>C$7$F$_$^$7$g$&(B.
6./home/sakura/etc $B$r0J2<$N<j=g$G:n@.$7$F(B permission $B$rJQ99$9$k!#(B
mkdir /home/sakura/etc ;chmod 111 /home/sakura/etc
6./etc/master.passwd $B$r?w7?$K$7$F(B /home/sakura/etc/master.passwd $B$r:n(B
$B@.$9$k!#$3$N(B master.passwd $B%U%!%$%k$O=PMh$l$P(B uid $B$H$+(B gid $B$,$=$N$^$^(B
$BN.$l$J$$$h$&$K$9$k$?$a$NI,MW:GDc8B$N;v$7$+=q$+$J$$J}$,NI$$$H;W$$$^$9!#(B
$B$A$J$_$K!"0J2<$N$h$&$J(B master.passwd $B$rJT=8$7$F$_$^$7$?!#(B
---/home/sakura/etc/master.passwd 
sakura::0:0::0:0:CardCapter,Kinomoto Sakura:/root:/bin/csh
tomoyo::1001:1001::0:0:Sakura's Good Friend,Daidoji Tomoyo:/:/bin/csh
---$B$3$3$^$G(B
7./home/sakura/etc $B$G(B pwd_mkdb -p -d . master.passwd $B$H$7$FI,MW$J%U%!(B
$B%$%k$r@8@.$7$^$9!#(B
#etc $B0J2<$KCV$$$F$*$/$N$O(B pwd.db $B$@$1$G$$$$$N$+$b(B
$B0J>e$G(B uid $B$,$=$N$^$^?t;z$GI=<($5$l$k8=>]$O2r>C$5$l$k$O$:$G$9!#(B

$B<!$K(B gid $B$,$=$N$^$^?t;z$GI=<($5$l$k8=>]$r2r>C$9$k$h$&$K$7$F$_$^$7$g$&!#(B
8./etc/group $B$r?w7?$K(B /home/sakura/etc/group $B$r:n@.$7$^$9!#$3$3$G$O<!(B
$B$N$h$&$J$b$N$r:n@.$7$^$7$?(B
--/home/sakura/etc/group
sakura:*:1001:
--$B$3$3$^$G(B

9.$BG0$N$?$a$K<!$N$h$&$K$7$F(B permission $B$r(B 444 $B$K$7$F$*$-$^$9(B
chmod 444 /home/sakura/etc/group /home/sakura/etc/pwd.db \
/home/sakura/etc/passwd

以上で設定は完了です。実際に ftp で login して確かめてみましょう。
--ここから
%ftp sakura
Connected to localhost.cardcapter.org.
220 flower.cardcapter.org FTP server (Version 6.00) ready.
Name (localhost:ueta): sakura
331 Password required for sakura.
Password:
230 User sakura logged in, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>ls
-----snip ----
drwxr-xr-x   2 tomoyo  sakura      512 Oct  32 26:30 tmp
----snip----
--$B$3$3$^$G(B
$B%P%C%A%j$G$9$M(B :-)

$B$5$i$KG0$N$?$a(B
Q1.chroot $B$r@_Dj$7$?$O$:$N(B user $B$G(B ftp login $B$7$F$b$&$^$/$$$+$J$$!#(B
A1.$B$$$/$D$+;vNc$r?dDj$7$J$,$iBP=hJ}$r=q$$$F$$$-$^$9!#(B
(1)(chroot $B$K$O8B$i$:(B)ftp $B$G(B login $B$G$-$J$$!#(B
$B"*(B ftp $B$G(B login $B$5$;$?$$(B user $B$K(B password $B$O@_Dj$5$l$F$$$^$9$+!)(B
   (ftp $B$O(B password $B$N@_Dj$5$l$F$$$J$$(B user $B$O(B login $B$G$-$^$;$s(B)
(2) ftp $B$N(B login $B$K$O@.8y$7$?$1$I(B chroot $B$5$l$F$$$J$$!#(B
$B"*(B /etc/ftpchroot $B$K(B chroot $B$5$;$?$$(B user $B$N(B account $B$,@5$7$/5-=R$5$l(B
$B$F$$$^$9$+!)(B
   ($B$3$3$r4V0c$C$F$$$k$H!"L^O@(B chroot $B$O$5$l$^$;$s(B)
(3)$BG'>Z$K$O@.8y$7$?$h$&$@$1$I(B
>Password:
>550 Can't change root.
>ftp: Login failed.
$B$H=P$F(B login $B$G$-$J$$!#(B
$B"*(B user $B$N(B home directory $B$O@5$7$/@_Dj$5$l$F$$$^$9$+!)(B
  (ftpd $B$OB8:_$7$J$$(B directory $B$K(B chroot $B$K$7$h$&$H$7$?$H$-!"(Blogin $B$r(B
$B$1$k$h$&$G$9(B)
(4)login $B$b$G$-$F(B ftp> $B$H$$$&%W%m%s%W%H$b=P$?$1$I(B ls $B$H$d$C$F$b2?$bI=(B
$B<($5$l$J$$!#(B
$B"*>e$N<j=g$K$7$?$,$C$F!"(Bls $B$r$-$A$s$H=jDj$N0LCV$K(B copy $B$7$F$"$2$F2<$5(B
$B$$!#(B
(5)uid $B$H$+(B gid $B$,$=$N$^$^8+$($FHa$7$$(B
$B"*(B($BIT6q9g$8$c$J$$$1$I(B)$B>e$NJ}K!$K$7$?$,$C$F@5$7$/@_Dj$7$F$/$@$5$$!#(B

なんてところでしょうか
では
---
植田 正輝(ueta@pixy.issp.u-tokyo.ac.jp)
