DSM-G600, DNS-3xx and NSA-220 Hack Forum

Unfortunately no one can be told what fun_plug is - you have to see it for yourself.


#1 2012-05-30 18:17:37

gfadel
Member
Registered: 2012-05-30
Posts: 6

Pure-FTPd client user isolation on home folder

Hello,

While I haven't managed to install "vsftpd", I have the built-in "Pure-FTPd" running fine, but with one issue.

Let's say I create a user called "guest", which should be able to access only one folder, named "guestfolder".

I have created the share for this folder, which is inside "volume_1".

When I create the user, I set "deny access" to "volume_1", and read-only access to "guestfolder".

When connecting using FileZilla, using sftp, the connection is OK, placed at the "guest" home directory.

Now comes the issue: this guest user can move outside his home folder (guestfolder).

How can I prevent this from happening? I guess I should use the "-a" option on the ftp startup, but I couldn't figure out myself how to modify/add it to the current startup command without breaking it.

Has anyone faced this issue before? Any ideas how to move on?

Thanks,

Gustavo

Offline

 

#2 2012-05-30 23:14:56

gfadel
Member
Registered: 2012-05-30
Posts: 6

Re: Pure-FTPd client user isolation on home folder

Hello,

I have managed to install "vsftpd" with the help received on http://dns323.kood.org/forum/viewtopic.php?id=7119 (Thanks!), but the same behavior appears now, with regard to the user access.

Although I have in my "vsftpd.conf" file the following (as per http://dns323.kood.org/howto:vsftpd,):

#The following will allow you to put specific users in a chroot so that they can't move back from the chroot dir
chroot_list_enable=YES
#file to keep the chroot users
chroot_list_file=/ffp/etc/vsftpd/vsftpd.chroot_list


The user still can move out of its home folder.

So, regardless of which FTP server I am using, I am not able to configure this.

Any ideas?

Thanks,

Gustavo

Last edited by gfadel (2012-05-31 12:30:30)

Offline

 

#3 2012-05-31 11:01:23

Mijzelf
Member / Developer
Registered: 2008-07-05
Posts: 709

Re: Pure-FTPd client user isolation on home folder

What are the contents of /ffp/etc/vsftpd/vsftpd.chroot_list, and what is the value of chroot_local_user? According to the vsftpd.conf manpage the function of this file inverts with the boolean chroot_local_user:

chroot_list_enable
If activated, you may provide a list of local users who are placed in a chroot() jail in their home directory upon login. The meaning is slightly different if chroot_local_user is set to YES. In this case, the list becomes a list of users which are NOT to be placed in a chroot() jail. By default, the file containing this list is /etc/vsftpd.chroot_list, but you may override this with the chroot_list_file setting.

Offline

 

#4 2012-05-31 12:09:47

Sahariar09
New member
Registered: 2012-05-28
Posts: 1

Re: Pure-FTPd client user isolation on home folder

As with other responses, these involve rituals that need to be completed. A compulsion in this case pertains to checking one's body for Rehab anything associated with an obsession. Of the compulsions aforementioned, checking comprises the highest percentage of reported cases by individuals.

Offline

 

#5 2012-05-31 13:01:05

gfadel
Member
Registered: 2012-05-30
Posts: 6

Re: Pure-FTPd client user isolation on home folder

Mijzelf,

So, my config files are at /ffp/etc/vsftpd

vsftpd.chroot_list
wdias

vsftpd.user_list
wdias
gfadel

vsftpd.conf
#The following will allow you to put specific users in a chroot so that they can't move back from the chroot dir
chroot_list_enable=YES
chroot_local_user=NO
#file to keep the chroot users
chroot_list_file=/ffp/etc/vsftpd/vsftpd.chroot_list

/etc/passwd
gfadel:x:1002:502:Linux User,,,:/mnt/HD_a4/ftp/gfadel:/bin/sh
wdias:x:1003:1003::/mnt/HD_a4/ftp/wdias:/bin/sh

So I expect the user "wdias" to be locked into its home directory. But as you see below, it doesn't happen.

After login
http://s12.postimage.org/vq4bvpvf1/FTP_Initial.png

User free to move anywhere...
http://s7.postimage.org/td0cw1wi3/FTP_II.png

Thanks,

Gustavo

Offline
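
The chroot_list_enable / chroot_local_user rule quoted from the manpage in post #3, applied to settings like those in post #5, as an added example that is not part of the original thread and not code from vsftpd. The function names (conf_get, is_yes, chroot_state, make_sample) and the temporary file paths are assumptions made for the illustration; the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): does vsftpd.conf jail a given user?

# conf_get FILE KEY DEFAULT: value of the last "KEY=value" line, else DEFAULT.
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r')
    printf '%s\n' "${v:-$3}"
}

# is_yes VALUE: true for YES/TRUE/1 in any letter case.
is_yes() {
    case $(echo "$1" | tr 'a-z' 'A-Z') in YES|TRUE|1) return 0 ;; esac
    return 1
}

# chroot_state CONF USER: prints jailed, free, or list-unreadable.
chroot_state() {
    all=$(conf_get "$1" chroot_local_user NO)
    use_list=$(conf_get "$1" chroot_list_enable NO)
    list=$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)
    listed=no
    if is_yes "$use_list"; then
        # A missing list cannot be evaluated; report that instead of guessing.
        [ -r "$list" ] || { echo list-unreadable; return 0; }
        grep -qxF -- "$2" "$list" && listed=yes
    fi
    if is_yes "$all"; then
        # chroot_local_user=YES: everyone is jailed, the list names the exceptions.
        [ "$listed" = yes ] && echo free || echo jailed
    else
        # chroot_local_user=NO: only the listed users are jailed.
        [ "$listed" = yes ] && echo jailed || echo free
    fi
}

# make_sample VALUE: constructed copy of the post #5 settings in a temp dir,
# with chroot_local_user=VALUE and a temp list path. Prints the conf path.
make_sample() {
    d=$(mktemp -d)
    echo wdias > "$d/vsftpd.chroot_list"
    printf '%s\n' '#file to keep the chroot users' 'chroot_list_enable=YES' \
        "chroot_local_user=$1" "chroot_list_file=$d/vsftpd.chroot_list" > "$d/vsftpd.conf"
    echo "$d/vsftpd.conf"
}

conf=$(make_sample NO)
for u in wdias gfadel; do echo "$u: $(chroot_state "$conf" "$u")"; done
```

On the NAS the same function can be pointed at the real file, e.g. chroot_state /ffp/etc/vsftpd/vsftpd.conf wdias. It evaluates only the file on disk, so it says what vsftpd would do after loading that file, not which server or protocol a given client session actually used.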

 
