
Securing-Optimizing-RH-Linux-1_2_438
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ® 438

NOTE: This step is necessary only if you’re not using the “--enable-ls” option at configure time of Wu-ftpd. See the “Compile and Optimize” section in this chapter for more information.

Step 4
Find the shared library dependencies of the “ls” binary program of Linux (required only if you are not using the “--enable-ls” option):

    [root@deep /]# ldd /bin/ls
    libc.so.6 => /lib/libc.so.6 (0x00125000)
    /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x00110000)

Copy the shared libraries identified above to your new “lib” directory under the “/home/ftp” directory (required only if you are not using the “--enable-ls” option):

    [root@deep /]# cp /lib/libc.so.6 /home/ftp/lib/
    [root@deep /]# cp /lib/ld-linux.so.2 /home/ftp/lib/

NOTE: These libraries are needed to make “ls” work. Also, steps 3 and 4 above are required only if you want to use the “ls” binary program of Linux instead of the “--enable-ls” option, which uses the new internal “ls” capability of Wu-ftpd.

Step 5
Create your “/home/ftp/dev/null” file:

    [root@deep /]# mknod /home/ftp/dev/null c 1 3
    [root@deep /]# chmod 666 /home/ftp/dev/null

Step 6
Copy the “group” and “passwd” files to the “/home/ftp/etc” directory. These copies should not be the same as your real ones. For this reason we’ll remove all non-FTP users except the super-user “root” from both files (passwd and group).

    [root@deep /]# cp /etc/passwd /home/ftp/etc/
    [root@deep /]# cp /etc/group /home/ftp/etc/

Edit the passwd file (vi /home/ftp/etc/passwd) and delete all entries except the super-user “root” and all your allowed FTP users. It is very important that the “passwd” file in the chroot environment has entries like:

    root:x:0:0:root:/:/dev/null
    ftpadmin:x:502:502::/ftpadmin/:/dev/null

NOTE: We can notice two things: first, the home directories for all users inside this modified “passwd” file are now changed to reflect the new chrooted FTP directory (i.e. /home/ftp/./ftpadmin/ becomes /ftpadmin/); also, the name of the user's login shell for the “root” account has been changed to “/dev/null”.

Edit the group file (vi /home/ftp/etc/group) and delete all entries except the super-user “root” and all your allowed FTP users. The “group” file should correspond to your normal group file:

    root:x:0:root
    ftpadmin:x:502:
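
The passwd edit in Step 6, scripted instead of done by hand in vi, together with a check that flags any entry that should not be in the chroot copy. This is an added example, not code from the book. The function names, the sample accounts “alice” and “nobody”, and the rule that a home directory without the “/./” marker becomes “/” are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the book: derive and audit the chroot passwd copy.

# Constructed sample of a system /etc/passwd. "alice" and "nobody" are
# hypothetical non-FTP accounts that must not reach the chroot copy.
sample_passwd() {
cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
nobody:x:99:99:Nobody:/:/bin/false
alice:x:501:501:Alice:/home/alice:/bin/bash
ftpadmin:x:502:502::/home/ftp/./ftpadmin/:/bin/bash
EOF
}

# chroot_passwd "user1 user2 ...": read passwd lines on stdin and print only
# root plus the allowed FTP users, rewritten for use inside the chroot.
chroot_passwd() {
    awk -F: -v OFS=: -v allow="root $1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) keep[a[i]] = 1 }
        ($1 in keep) {
            i = index($6, "/./")                    # chroot marker in the home field
            $6 = (i > 0) ? substr($6, i + 2) : "/"  # path as seen inside the chroot
            $7 = "/dev/null"                        # shell, as in the sample entries
            print
        }'
}

# audit_chroot_passwd "user1 user2 ...": read a chroot passwd on stdin, print
# every offending line and return 1 if any is found. An entry offends when the
# account is not allowed, its shell is not /dev/null, or its home still
# carries the real path with the "/./" marker.
audit_chroot_passwd() {
    awk -F: -v allow="root $1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) keep[a[i]] = 1 }
        !($1 in keep) || $7 != "/dev/null" || index($6, "/./") { print; bad = 1 }
        END { exit bad + 0 }'
}

# Demonstration on the constructed sample; prints the two lines shown in Step 6.
sample_passwd | chroot_passwd "ftpadmin"
```

On a real system the input would be /etc/passwd and the output would be written to /home/ftp/etc/passwd, after which the audit can be run against that file whenever FTP accounts change.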