LinuxQuestions.org


forzastiinta 03-17-2012 03:49 AM

vsftpd - restrict access to system directories (/etc, /bin, /opt)
 
Hi!
There is a user's home folder that should be accessed with ftp (/home/username) BUT I want to access a share folder (everyone can share files) like /home/share. Moreover, I do not want those users to access the system directories.

If I jail the user in his home it cannot access /etc, it can access his own home folder BUT cannot access /home/share (If I create ln -s /home/share /home/username/share it will fail changing into that dir).

If I do not jail the user in his home it can access /etc (which is bad) and, of course, it can access /home/username and /home/share.

In the 1st situation I can mount --bind /home/share /home/username (in fstab to be available on boot) BUT it doesn't seem to be a modern solution.


Please help! Ty

bathory 03-17-2012 05:15 AM

Hi,
Quote:

In the 1st situation I can mount --bind /home/share /home/username (in fstab to be available on boot) BUT it doesn't seem to be a modern solution.

I'm afraid this is your only way if you want to access directories outside the user's chroot jail. By design, vsftpd does not allow following symlinks pointing outside the user's homedir.

Regards

ioask4it 03-22-2012 02:39 AM

hide_file={/bin*,/boot*,/dev*,/etc*,/lib*,/lib64*,/media*,/misc*,/mnt*,/net*,/opt*,/proc*,/sbin*,/selinux*,/srv*,/tmp*,/usr*,/var*}
deny_file={/bin*,/boot*,/dev*,/etc*,/lib*,/lib64*,/media*,/misc*,/mnt*,/net*,/opt*,/proc*,/sbin*,/selinux*,/srv*,/tmp*,/usr*,/var*}

Zå solution!

bathory 03-22-2012 03:46 AM

Quote:

Originally Posted by ioask4it (Post 4633298)
hide_file={/bin*,/boot*,/dev*,/etc*,/lib*,/lib64*,/media*,/misc*,/mnt*,/net*,/opt*,/proc*,/sbin*,/selinux*,/srv*,/tmp*,/usr*,/var*}
deny_file={/bin*,/boot*,/dev*,/etc*,/lib*,/lib64*,/media*,/misc*,/mnt*,/net*,/opt*,/proc*,/sbin*,/selinux*,/srv*,/tmp*,/usr*,/var*}

Zå solution!

Could be a workaround, but it has a flaw. How do you deny access to the other users' homedirs?

ioask4it 03-22-2012 07:06 PM

In this case the ftp user sees the directories in /home but cannot access them, because they have (by default) no rights for others.
It is identical to cd /home/anotherUser in bash: it will give an error.

ioask4it 03-30-2012 11:00 AM

Anyway, it is a solution and I think it has no security flaws...
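
Added example (not part of the thread and not any poster's code): a Python sketch that approximates vsftpd's `deny_file` matching with brace expansion plus `fnmatch`, to check which paths the list posted above matches and which are left to filesystem permissions. The directory list is a constructed sample, and the matching is an assumed approximation of vsftpd's own filter, which may differ in detail.

```python
import fnmatch
import re

# Pattern copied from the deny_file line posted in the thread.
DENY_FILE = ("{/bin*,/boot*,/dev*,/etc*,/lib*,/lib64*,/media*,/misc*,/mnt*,/net*,"
             "/opt*,/proc*,/sbin*,/selinux*,/srv*,/tmp*,/usr*,/var*}")

# Constructed sample: top-level directories of a typical Linux system.
SAMPLE_TOP_LEVEL = ["/bin", "/boot", "/dev", "/etc", "/home", "/lib", "/lib64",
                    "/media", "/mnt", "/opt", "/proc", "/root", "/run", "/sbin",
                    "/srv", "/sys", "/tmp", "/usr", "/var"]


def expand_braces(pattern):
    """Expand {a,b,c} alternation into a flat list of glob patterns."""
    m = re.search(r"\{([^{}]*)\}", pattern)
    if not m:
        return [pattern]
    head, tail = pattern[:m.start()], pattern[m.end():]
    expanded = []
    for alternative in m.group(1).split(","):
        expanded.extend(expand_braces(head + alternative + tail))
    return expanded


def is_denied(path, deny_pattern=DENY_FILE):
    """True if any alternative matches the whole path ('*' also spans '/')."""
    return any(fnmatch.fnmatchcase(path, p) for p in expand_braces(deny_pattern))


def uncovered(paths, deny_pattern=DENY_FILE):
    """Paths the list does not match; access there depends on permissions."""
    return [p for p in paths if not is_denied(p, deny_pattern)]


if __name__ == "__main__":
    print("not matched by deny_file:", uncovered(SAMPLE_TOP_LEVEL))
    for path in ("/etc/vsftpd.conf", "/home/share/report.txt", "/home/anotherUser"):
        print(path, "->", "denied" if is_denied(path) else "permissions decide")
```

Re-run the check with the real output of `ls -d /*` on the server whenever the directory layout changes, since a deny list only covers the names written into it.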

