Re: ftpchroot doesn't work



On 5 Dec 2005 17:08:30 -0800, jb staggered into the Black Sun and said:
> Linux 2.4.21

Old kernel, might want to upgrade that soon. Which version of which
distro are you using?

> if I place the user name in /etc/ftpchroot he should be confined in his
> home directory but he is not! I did restart the server (well,
> restarting inetd could have been less violent) after the change, but
> no way. I'm able to ftp in the home directory of this user, however
> I'm still able to go up and read other directories with cd.. why?

Which FTP daemon are you using? Check its man page/documentation for
details on how it handles chroot. Lessee... the in.ftpd on an older
system here handles everything via /etc/passwd ; a user must have
something like /home/user/./ in the home directory field. The /./ is
used as a "chroot to this directory" marker. We have chrooted FTP
users' shells set to /etc/ftponly . You can actually put anything here,
but whatever you put there must be in /etc/shells .

If you're chrooting people, you may also need to have all the libraries
your FTP daemon requires, executables like bash, ls, grep, gunzip, and
chmod, and various system files like /etc/passwd available in
appropriate locations in *each* chroot directory. This can get annoying
quickly, but it's usually necessary.

If you've done all that, I'm not sure what could be going wrong. First
place to look is the FTP daemon's logfiles.

--
Matt G|There is no Darkness in Eternity/But only Light too dim for us to see
Brainbench MVP for Linux Admin / mail: TRAP + SPAN don't belong
http://www.brainbench.com / "He is a rhythmic movement of the
-----------------------------/ penguins, is Tux." --MegaHAL
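
The /etc/passwd convention described in the reply above can be checked mechanically. The following is an added example, not part of the original post and not code from any FTP daemon: it assumes the convention exactly as described (a `/./` marker in the home directory field, and a shell that must be listed in /etc/shells). The sample passwd and shells contents, the account names and the `expect_confined` list are constructed for illustration.

```python
# Constructed sample data for illustration; not taken from the original post.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1001:1001:FTP only:/home/alice/./:/etc/ftponly
bob:x:1002:1002:FTP only:/home/bob/./:/bin/ftponly
carol:x:1003:1003:Carol:/home/carol:/etc/ftponly
"""
SAMPLE_SHELLS = """\
# /etc/shells
/bin/bash
/etc/ftponly
"""


def parse_shells(shells_text):
    """Return the set of shell paths listed in /etc/shells-style text."""
    lines = (line.strip() for line in shells_text.splitlines())
    return {line for line in lines if line and not line.startswith("#")}


def audit(passwd_text, shells_text, expect_confined):
    """List (user, problem) pairs for accounts that would not be confined."""
    allowed = parse_shells(shells_text)
    seen, problems = set(), []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:          # skip blank or malformed entries
            continue
        user, home, shell = fields[0], fields[5], fields[6]
        seen.add(user)
        jail, marker, _ = home.partition("/./")
        if not marker:
            if user in expect_confined:
                problems.append((user, "no /./ marker in home field"))
            continue
        if jail in ("", "/"):         # marker present but the jail is the real root
            problems.append((user, "/./ marker chroots to /, no confinement"))
        if shell not in allowed:
            problems.append((user, f"shell {shell} not in /etc/shells"))
    for user in sorted(set(expect_confined) - seen):
        problems.append((user, "not present in passwd"))
    return problems


if __name__ == "__main__":
    for user, problem in audit(SAMPLE_PASSWD, SAMPLE_SHELLS, {"alice", "bob", "carol"}):
        print(f"{user}: {problem}")
```

On a real system the two text arguments would be the contents of /etc/passwd and /etc/shells, and `expect_confined` the accounts the administrator intends to jail.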