Which ftp server software "chroots" users by default.

uncle-c · 08-09-2008, 05:34 AM

Hi
I'm looking to install an ftp server on a machine, one which combines the best security practices along with ease and speed of configuration. Ideally I am looking for software which locks users ( anonymous or users with accounts ) into their home accounts like a "chroot jail" by default and hence does not let them traverse across the file system. However, I do not want to have to compile the software from source with special "chroot" options / parameters as that is not one of my strong points !
Any advice on which software would be best suited for my purposes ?
Thanks for the help.

Regards,
UC

colucix · 08-09-2008, 06:00 AM

If I remember well, Proftpd jails users in chroot environment by default. But it should not be so painful in Vsftpd. I think you have not to compile from source, just edit the configuration file. There must be some examples in the documentation.

billymayday · 08-09-2008, 06:11 AM

vsftp has chrooting as a config option. Not sure if it's default behavior, but doesn't really matter if it's in there

uncle-c · 08-09-2008, 06:22 AM

Great stuff ! Thanks a lot for the help gents. Will give Vsftpd a go.

Thanks again !

uc.

sir-lancealot · 08-09-2008, 08:11 AM

uc, yes vsftp works great as that is what I am using. You can actually jail (chroot) everyone or a list, see this section in etc/vsftp/vsftp.conf

chroot_local_user=NO
# users to NOT chroot().
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd.chroot_list

so you can stick the users you want to root in that file and only chroot them.

Lr

uncle-c · 08-09-2008, 08:44 AM

Thanks sir-L ! So could I add user "anonymous" to the /etc/vsftpd.chroot_list file as well or should I alter the specific line in the vsftp.conf file which will allow for chrooted "anonymous" login ? Basically I would like anonymous and user logins but both in the "chrooted" environment.

Thanks

uc

john test · 08-09-2008, 11:41 AM

"proftp" works and so does "fakeroot"
proftp installed with the xampp package and provides a Fake Root for FTP and the Apache Webserver. Since the Proftp install does the job, I have never had to use the "fakeroot" command. I just happened to notice it when I did apropos *
Good Luck with your project

Mr. C. · 08-09-2008, 09:04 PM

Quote:

Originally Posted by uncle-c

...So could I add user "anonymous" to the /etc/vsftpd.chroot_list file as well or should I alter the specific line in the vsftp.conf file which will allow for chrooted "anonymous" login ? Basically I would like anonymous and user logins but both in the "chrooted" environment.

No, the chroot list is for "local" users only. This includes virtual users that are mapped to a virtual account local user. Anonymous users are chrooted into the directory listed for the ftp user in /etc/passwd.