How to "jail" a ftp user inside its home directory (proftpd)?
Solution 1
The DefaultRoot
line needs to be at the end of the configuration file.
Solution 2
I believe the problem could be that you have multiple DefaultRoot(s) specified. As the ProFTPd documentation explains:
If two DefaultRoot directives apply to the same user, ProFTPD arbitrarily chooses one (based on how the configuration file was parsed)
You could try commenting out the first DefaultRoot directive and see if that helps to resolve the problem.
Solution 3
I think that best option in your case will be jail users in their directories. You can use the little known %u
variable. Documentation seas:
It will be substituted, during the handling of an FTP session, with the name of the user who logged in.
Solution 4
edit
This is a method of jailing users in their own home directory.
- This is an standard function in ProFTPd
- Open /etc/proftpd/proftpd.conf
- Uncomment #DefaultRoot ~
- replace with DefaultRoot /home/someuser someuser
(Let’s quickly explain the line above. DefaultRoot is the parameter used by proftpd to enable the jail functionality. someuser is the primary group of all users being chrooted (by default this is the same as the username). /home/someuser is the directory where the user will be jailed.)
- Then execute "/etc/init.d/proftpd restart"
Related videos on Youtube
some.hacker
Updated on September 17, 2022Comments
-
some.hacker over 1 year
Here is a code snippet and its resulting output. The code appears to update the attribute, but when I check the record manually in the database, there is no change. This is confirmed by .changed? returning false. What have I done wrong?
class Ticket < ActiveRecord::Base ##+-----------------+-----------------------+------+-----+---------+-------+ ##| Field | Type | Null | Key | Default | Extra | ##+-----------------+-----------------------+------+-----+---------+-------+ ##| ticketid | bigint(20) unsigned | NO | PRI | NULL | | ##| ticketnumber | bigint(20) unsigned | NO | | NULL | | ##| contactname | char(40) | YES | | NULL | | ##| department | char(40) | YES | | NULL | | ##| tech | char(40) | YES | | NULL | | ##| timeopened | char(18) | YES | | NULL | | ##| timelastchanged | char(18) | YES | | NULL | | ##| mintuesopen | mediumint(8) unsigned | YES | | NULL | | ##| searchtermlist | varchar(255) | YES | | NULL | | ##+-----------------+-----------------------+------+-----+---------+-------+ attr_accessible :searchtermlist, :minutesopen, :timelastchanged, :tech end .... thisticket = Ticket.find_by_ticketid(ticketid) if thisticket != nil puts "---Ticket #{ticketid} Found!" if thisticket.searchtermlist.include? importedsearchtermlist puts "---Search term list current! Skipping..." else puts "---Updating search term list for ticket #{ticketid}" puts importedsearchtermlist puts thisticket.ticketid puts thisticket.searchtermlist updatedsearchtermlist = thisticket.searchtermlist << "," << importedsearchtermlist puts updatedsearchtermlist thisticket.searchtermlist = updatedsearchtermlist result = thisticket.save! puts result puts thisticket.changed? puts thisticket.searchtermlist sleep(60) end
And the output:
---Ticket 47048 Found! ---Updating search term list for ticket 47048 virus 47048 update update,virus true false update,virus
-
pvieira almost 14 yearsThanks for the answer, but I've already tried that and didn't work.