Securing-Optimizing-RH-Linux-1_2_437
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
/home/ftp/bin, and /home/ftp/lib directories are not required since this new option allows Wu-ftpd
to use its own ls function. We still demonstrate the old method for people who
prefer to copy /bin/ls to the chrooted FTP directory (/home/ftp/bin) and create the appropriate
library related to ls.
The following are the necessary steps to run Wu-ftpd software in a chroot jail:
Step 1
First create all the necessary chrooted environment directories as shown below:
[root@deep /]# mkdir /home/ftp/dev
[root@deep /]# mkdir /home/ftp/etc
[root@deep /]# mkdir /home/ftp/bin (required only if you are not using the --enable-ls option)
[root@deep /]# mkdir /home/ftp/lib (required only if you are not using the --enable-ls option)
Step 2
Change the permissions of the new directories to 0511 for security reasons:
[root@deep /]# chmod 0511 /home/ftp/dev/
[root@deep /]# chmod 0511 /home/ftp/etc/
[root@deep /]# chmod 0511 /home/ftp/bin (required only if you are not using the --enable-ls option)
[root@deep /]# chmod 0511 /home/ftp/lib (required only if you are not using the --enable-ls option)
The chmod command will make our chrooted dev, etc, bin, and lib directories readable
and executable by the super-user root and executable by the user-group and all users.
Step 3
Copy the "/bin/ls" binary to the "/home/ftp/bin" directory and change the permissions of the ls program to
0111 (you don't want users to be able to modify the binaries):
[root@deep /]# cp /bin/ls /home/ftp/bin (required only if you are not using the --enable-ls option)
[root@deep /]# chmod 0111 /bin/ls /home/ftp/bin/ls (required only if you are not using the --enable-ls option)
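To confirm the result of Steps 1 to 3, the following added example (not part of the original book) compares each chroot directory against mode 0511 and the copied ls against 0111, and reports anything missing, symlinked, or with a different mode. The function names and the "builtin-ls" switch are assumptions of this example, and it relies on GNU stat.

```shell
#!/bin/sh
# Added example: audit the modes set in Steps 1-3 on the Wu-ftpd chroot tree.
# Function names and the "builtin-ls" switch are this example's own (assumed).
CHROOT_DEFAULT=/home/ftp   # chroot root used on this page

# check_mode PATH OCTAL -> 0 when PATH exists with exactly that mode, else 1
check_mode() {
    path=$1; want=$2
    if [ -L "$path" ]; then
        # A symlink could point outside the jail; never accept one here.
        echo "SYMLINK  $path (expected a real file or directory)"
        return 1
    fi
    if [ ! -e "$path" ]; then
        echo "MISSING  $path (expected mode $want)"
        return 1
    fi
    have=$(stat -c '%a' "$path")   # GNU stat; 0511 prints as 511
    if [ "$have" != "$want" ]; then
        # Also catches setuid/setgid/sticky bits, e.g. 4511 != 511.
        echo "BADMODE  $path is $have, expected $want"
        return 1
    fi
    return 0
}

# audit_ftp_chroot [ROOT] [copied-ls|builtin-ls] -> 0 if all checks pass
# Use "builtin-ls" when Wu-ftpd was built with --enable-ls: bin/ and lib/
# are then not required, so only dev/ and etc/ are checked.
audit_ftp_chroot() {
    root=${1:-$CHROOT_DEFAULT}
    variant=${2:-copied-ls}
    fail=0
    for d in dev etc; do
        check_mode "$root/$d" 511 || fail=1
    done
    if [ "$variant" = copied-ls ]; then
        for d in bin lib; do
            check_mode "$root/$d" 511 || fail=1
        done
        check_mode "$root/bin/ls" 111 || fail=1
    fi
    return $fail
}
```

Source the file and run audit_ftp_chroot with no arguments to check /home/ftp, or audit_ftp_chroot /home/ftp builtin-ls when the --enable-ls option is in use.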