Securing-Optimizing-RH-Linux-1_2_438
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
NOTE: This step is necessary only if you're not using the --enable-ls option when configuring
Wu-ftpd. See the Compile and Optimize section in this chapter for more information.
Step 4
Find the shared library dependencies of the ls binary program of Linux:
[root@deep /]# ldd /bin/ls (required only if you are not using the --enable-ls option)
libc.so.6 => /lib/libc.so.6 (0x00125000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x00110000)
Copy the shared libraries identified above to your new lib directory under the /home/ftp directory:
[root@deep /]# cp /lib/libc.so.6 /home/ftp/lib/ (required only if you are not using the --enable-ls option)
[root@deep /]# cp /lib/ld-linux.so.2 /home/ftp/lib/ (required only if you are not using the --enable-ls option)
NOTE: These libraries are needed to make ls work. Also, steps 3 and 4 above are required only
if you want to use the ls binary program of Linux instead of the --enable-ls option, which uses the
new internal ls capability of Wu-ftpd.
Step 5
Create your /home/ftp/dev/null file:
[root@deep /]# mknod /home/ftp/dev/null c 1 3
[root@deep /]# chmod 666 /home/ftp/dev/null
Step 6
Copy the group and passwd files into the /home/ftp/etc directory. These should not be the same as
your true ones. For this reason we'll remove all non-FTP users except the super-user root from
both of these files (passwd and group).
[root@deep /]# cp /etc/passwd /home/ftp/etc/
[root@deep /]# cp /etc/group /home/ftp/etc/
Edit the passwd file (vi /home/ftp/etc/passwd) and delete all entries except the super-user root
and all your allowed FTP users. It is very important that the passwd file in the chroot
environment have entries like:
root:x:0:0:root:/:/dev/null
ftpadmin:x:502:502::/ftpadmin/:/dev/null
NOTE: Notice two things: first, the home directories for all users inside this modified passwd
file are now changed to reflect the new chrooted FTP directory (i.e. /home/ftp/./ftpadmin/ becomes
/ftpadmin/); second, the name of the user's login shell for the root account has been changed to
/dev/null.
Edit the group file (vi /home/ftp/etc/group) and delete all entries except the super-user root and
all your allowed FTP users. The group file should correspond to your normal group file:
root:x:0:root
ftpadmin:x:502:
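One way to check the edited /home/ftp/etc/passwd against the rules in Step 6, as an added example that is not from the original book. The names audit_chroot_passwd and sample_passwd are hypothetical, the sample entries are constructed, and requiring x in the password field is an assumption taken from the sample entries above.

```shell
#!/bin/sh
# Added example (not from the book). Function names are hypothetical.
# audit_chroot_passwd FILE "user1 user2 ..."
# Prints one finding per line; returns 0 if the file is clean, 1 otherwise.
audit_chroot_passwd() {
    awk -F: -v allowed="$2" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*$/ { next }   # ignore blank lines
        NF != 7 { print "line " NR ": malformed entry, expected 7 fields"; bad = 1; next }
        # Only root and the allowed FTP users may remain in the chroot copy.
        !($1 in ok) { print $1 ": account not in allowed list"; bad = 1 }
        # Assumption: the password field is the placeholder x, as in the sample entries.
        $2 != "x" { print $1 ": password field is not x"; bad = 1 }
        # Both sample entries use /dev/null as the login shell.
        $7 != "/dev/null" { print $1 ": login shell is " $7 ", expected /dev/null"; bad = 1 }
        # Home must be relative to the chroot (/ftpadmin/, not /home/ftp/./ftpadmin/).
        $6 ~ /^\/home\/ftp/ { print $1 ": home " $6 " is not chroot-relative"; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample: a passwd copied from /etc and only partly edited.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/:/dev/null
ftpadmin:x:502:502::/home/ftp/./ftpadmin/:/bin/bash
mail:x:8:12:mail:/var/spool/mail:/dev/null
EOF
}

# Demo run on the constructed sample; on a real system pass /home/ftp/etc/passwd.
tmp=$(mktemp)
sample_passwd > "$tmp"
audit_chroot_passwd "$tmp" "root ftpadmin" || echo "findings listed above"
rm -f "$tmp"
```
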