[plug] debian etch + vsftpd does not chroot jail users

WolfBite wolfbite_aus at yahoo.com
Tue Apr 29 17:14:35 WST 2008


Had a devil of a time with setting up vsftpd.
All the examples never worked out the same.
Read about a plugin for webmin for vsftpd,
installed webmin & plugin,
set up via the plugin and it worked a treat :)
Then disable webmin (only use it if I need the odd configs to work out).

vsftpd working a treat.

Give it a go and see if the output config is different to yours.

regards 

Denis Brown <dsbrown at cyllene.uwa.edu.au> wrote:

Dear PLUG list members,

Despite best efforts I cannot get users to be confined to their chroot 
jails.   Debian etch and vsftpd installed using aptitude.   Vsftpd version 
is 2.0.5

Have scoured the web for info on this and I understand the manner in which 
vsftpd's config file *should* jail users, but it does not :-(   Snippets 
follow:


chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list


User "badboy" appears in /etc/vsftpd.chroot_list

User "badboy" has entry in /etc/passwd like so...
badboy:x:1002:1002:Bad Boy,,,:/home/badboy/./:/bin/bash

The use of a trailing /./ for the home directory specification was 
mentioned in one of the web articles but it apparently makes no difference.

Using pscp.exe on a windows box I can sftp to the host, authenticate as 
badboy and happily issue cd .. commands and traverse the directory tree 
:-(   At each level I can do an ls and see contents.    It was my 
understanding that this should not be possible.

There are no errata or bugs filed against vsftpd that I can see and the 
only mentions that it has on the web generally have been from people who 
messed up the configuration by misinterpreting the config file 
directives.    Maybe I've joined that elite too?

Thoughts appreciated!
Denis


_______________________________________________
PLUG discussion list: plug at plug.org.au
http://www.plug.org.au/mailman/listinfo/plug
Committee e-mail: committee at plug.linux.org.au
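
How vsftpd reads the directives quoted in the post, as an added example (not code from the post or from vsftpd): it evaluates chroot_local_user, chroot_list_enable and passwd_chroot_enable for one user, following vsftpd.conf(5). The sample config, list and home directory are constructed from the snippets above, and the function names are hypothetical.

```python
import posixpath

# Constructed sample input, built from the snippets quoted in the post.
SAMPLE_CONF = """\
# vsftpd.conf excerpt
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
"""
SAMPLE_LIST = "badboy\n"
SAMPLE_HOME = "/home/badboy/./"

# Defaults documented in vsftpd.conf(5).
DEFAULTS = {"chroot_local_user": "NO", "chroot_list_enable": "NO",
            "passwd_chroot_enable": "NO",
            "chroot_list_file": "/etc/vsftpd.chroot_list"}

def parse_conf(text):
    """Parse option=value lines; vsftpd allows no spaces around '='."""
    opts = dict(DEFAULTS)
    for raw in text.splitlines():
        if not raw or raw.startswith("#"):
            continue
        key, sep, value = raw.partition("=")
        if not sep or key != key.strip() or value != value.strip():
            raise ValueError(f"malformed line: {raw!r}")
        opts[key] = value
    return opts

def is_yes(opts, key):
    return opts[key].upper() in ("YES", "TRUE", "1")

def chroot_decision(conf_text, list_text, user, home):
    """Return (jailed, jail_root) for an FTP login handled by vsftpd."""
    opts = parse_conf(conf_text)
    listed = user in {l.strip() for l in list_text.splitlines() if l.strip()}
    # With chroot_list_enable=YES the list holds the exceptions to
    # chroot_local_user: listed users are jailed when it is NO, exempt when YES.
    exception = is_yes(opts, "chroot_list_enable") and listed
    jailed = is_yes(opts, "chroot_local_user") != exception
    if not jailed:
        return False, None
    # "/./" in the passwd home marks the jail root only when
    # passwd_chroot_enable=YES; otherwise it is just a path component.
    if is_yes(opts, "passwd_chroot_enable") and "/./" in home:
        return True, posixpath.normpath(home.split("/./", 1)[0])
    return True, posixpath.normpath(home)

if __name__ == "__main__":
    print(chroot_decision(SAMPLE_CONF, SAMPLE_LIST, "badboy", SAMPLE_HOME))
```

The result describes FTP logins served by vsftpd only; pscp and sftp sessions are served by the SSH daemon, which does not read vsftpd.conf.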


       