LinuxQuestions.org - Which ftp server software "chroots" users by default.

- Linux - Newbie (https://www.linuxquestions.org/questions/linux-newbie-8/)

- - Which ftp server software "chroots" users by default. (https://www.linuxquestions.org/questions/linux-newbie-8/which-ftp-server-software-chroots-users-by-default-661570/)

uncle-c

08-09-2008 04:34 AM

Which ftp server software "chroots" users by default.

Hi
I'm looking to install an ftp server on a machine, one which combines the best security practices along with ease and speed of configuration. Ideally I am looking for software which locks users ( anonymous or users with accounts ) into their home accounts like a "chroot jail" by default and hence does not let them traverse across the file system. However, I do not want to have to compile the software from source with special "chroot" options / parameters as that is not one of my strong points !
Any advice on which software would be best suited for my purposes ?
Thanks for the help.

Regards,
UC

colucix

08-09-2008 05:00 AM

If I remember well, Proftpd jails users in chroot environment by default. But it should not be so painful in Vsftpd. I think you have not to compile from source, just edit the configuration file. There must be some examples in the documentation.

billymayday

08-09-2008 05:11 AM

vsftp has chrooting as a config option. Not sure if it's default behavior, but doesn't really matter if it's in there

uncle-c

08-09-2008 05:22 AM

Great stuff ! Thanks a lot for the help gents. Will give Vsftpd a go.

Thanks again !

uc.

sir-lancealot

08-09-2008 07:11 AM

uc, yes vsftp works great as that is what I am using. You can actually jail (chroot) everyone or a list, see this section in etc/vsftp/vsftp.conf

chroot_local_user=NO
# users to NOT chroot().
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd.chroot_list

so you can stick the users you want to root in that file and only chroot them.

Lr

uncle-c

08-09-2008 07:44 AM

Thanks sir-L ! So could I add user "anonymous" to the /etc/vsftpd.chroot_list file as well or should I alter the specific line in the vsftp.conf file which will allow for chrooted "anonymous" login ? Basically I would like anonymous and user logins but both in the "chrooted" environment.

Thanks

uc

john test

08-09-2008 10:41 AM

"proftp" works and so does "fakeroot"
proftp installed with the xampp package and provides a Fake Root for FTP and the Apache Webserver. Since the Proftp install does the job, I have never had to use the "fakeroot" command. I just happened to notice it when I did apropos *
Good Luck with your project

Mr. C.

08-09-2008 08:04 PM

Quote:

Originally Posted by uncle-c (Post 3241702)

...So could I add user "anonymous" to the /etc/vsftpd.chroot_list file as well or should I alter the specific line in the vsftp.conf file which will allow for chrooted "anonymous" login ? Basically I would like anonymous and user logins but both in the "chrooted" environment.

No, the chroot list is for "local" users only. This includes virtual users that are mapped to a virtual account local user. Anonymous users are chrooted into the directory listed for the ftp user in /etc/passwd.

All times are GMT -5. The time now is 02:28 AM.