Re: ftpd chroot



On Fri, May 02, 2003 at 01:12:13AM -0400, Okan Demirmen wrote:
> So my question is related to the ftpd chroot implementation. The
> best way for me to ask is via an example.
> 
> The user's homedir is "/home/test" with a symlink in it,
> "/home/test/www -> /var/www/users/test"
> 
> /etc/login.conf snip:
>         :ftp-chroot:\
>         :ftp-dir=~:
> 
> That will drop the user into their home directory from homedir in
> passwd. Now obviously when ftp'd in, chdir to "www" will _not_ work
> due to chroot (all good).
> 
> Now take the following values in /etc/login.conf
>         :ftp-chroot:\
>         :ftp-dir=~/www:
> 
> Again, ftpd will drop me into a chroot, but this time will honor
> the symlink, and it chroots in /home/test/www which is really
> /var/www/users/test.
> 
> My question is: is that intended?

Feature. The symlink is outside the chroot, is followed before the
chroot is finally set, and therefore works.

> If so, I wonder if taking ftp-dir to another level might be possible.
> For example :ftp-dir=/var/www/users/$LOGNAME:.

Should work. Not sure why the distinction is being made.

> Opinions? Flames?

ftp sucks. (:

The only thing I can see that's kind of important is that at least the
people I support want to deal with more files than just what's in their
~foo/ webspace, so I can't lock them into that. Instead I'm browbeating
them into using SFTP/SCP tools.

-- 
6. I will not gloat over my enemies' predicament before killing them.
                --Peter Anspach's list of things to do as an Evil Overlord
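
The lookup order discussed in this thread, as an added sketch that is not part of the original messages and is not ftpd's code: it simulates path resolution relative to a root directory inside a temporary directory, so no real chroot(2) call or root privilege is involved. The names `resolve_in_root` and `demo` are hypothetical, and the directory layout is constructed from the example in the quoted question.

```python
# Added illustration; resolve_in_root/demo are hypothetical names, not ftpd code.
import os
import tempfile

def _parts(p):
    return [c for c in p.split("/") if c and c != "."]

def resolve_in_root(root, path, max_links=32):
    """Resolve `path` as a process whose root is `root` would see it.

    Absolute symlink targets restart at `root` and '..' cannot climb above
    it. Returns the real path, or None if a component is missing.
    """
    root = os.path.realpath(root)
    cur, todo, links = root, _parts(path), 0
    while todo:
        part = todo.pop(0)
        if part == "..":
            if cur != root:
                cur = os.path.dirname(cur)
            continue
        nxt = os.path.join(cur, part)
        if os.path.islink(nxt):
            links += 1
            if links > max_links:      # symlink loop
                return None
            target = os.readlink(nxt)
            if target.startswith("/"):
                cur = root             # absolute target: restart at the root
            todo = _parts(target) + todo
        elif os.path.lexists(nxt):
            cur = nxt
        else:
            return None
    return cur

def demo():
    """Constructed layout from the thread, built under a temp dir as "/"."""
    with tempfile.TemporaryDirectory() as tmp:
        real = os.path.realpath(tmp)
        home = os.path.join(real, "home", "test")
        web = os.path.join(real, "var", "www", "users", "test")
        os.makedirs(home)
        os.makedirs(web)
        os.symlink("/var/www/users/test", os.path.join(home, "www"))
        # ftp-dir=~ : root is /home/test first, then "cd www" inside it
        after = resolve_in_root(home, "www")
        # ftp-dir=~/www : path resolved against the real root, then chroot
        before = resolve_in_root(real, "home/test/www")
        return after, os.path.relpath(before, real)
```

`demo()` returns `None` for the lookup made after the root has moved to `/home/test`, and `var/www/users/test` for the lookup made before it, which is the directory the session ends up confined to when `ftp-dir=~/www`.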