How to "jail" a ftp user inside its home directory (proftpd)?


Solution 1

The DefaultRoot line needs to be at the end of the configuration file.

Solution 2

I believe the problem could be that you have multiple DefaultRoot(s) specified. As the ProFTPd documentation explains:

If two DefaultRoot directives apply to the same user, ProFTPD arbitrarily chooses one (based on how the configuration file was parsed)

You could try commenting out the first DefaultRoot directive and see if that helps to resolve the problem.
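One way to check a configuration for the situation Solution 2 describes, as an added example (not part of the original answers and not ProFTPD's own code): it lists the DefaultRoot directives per configuration section and flags pairs whose group expressions could match the same user. The sample config, group names and function names are constructed for illustration, and the check only compares directives within the same section.

```python
import re
from itertools import combinations

# Constructed sample configuration (not from the original page).
SAMPLE_CONF = """\
ServerName "example"
DefaultRoot ~
<Global>
  DefaultRoot ~ ftpusers,!staff
  DefaultRoot /srv/ftp/staff staff
</Global>
# DefaultRoot /tmp
DefaultRoot /home/someuser someuser
"""

def parse_default_roots(conf_text):
    """Return {section: [(line_no, directory, group_terms)]} for DefaultRoot lines."""
    stack, found = [], {}
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # skip blanks and commented-out lines
            continue
        if line.startswith("</"):                 # section close, e.g. </Global>
            if stack:
                stack.pop()
        elif line.startswith("<"):                # section open, e.g. <VirtualHost ...>
            stack.append(line.strip("<>"))
        elif re.match(r"DefaultRoot\s", line, re.I):
            parts = line.split()
            # Optional second argument: comma-separated group names, "!" negates.
            terms = frozenset("".join(parts[2:]).split(",")) if len(parts) > 2 else frozenset()
            # <IfModule>/<IfDefine> wrappers do not start a new section.
            ctx = " > ".join(t for t in stack if not t.lower().startswith("if")) or "server config"
            found.setdefault(ctx, []).append((no, parts[1], terms))
    return found

def may_overlap(a, b):
    """Conservative test: two expressions are treated as disjoint only when one
    requires group g and the other requires !g. No expression means all users."""
    clash = lambda x, y: any("!" + g in y for g in x if not g.startswith("!"))
    return not (clash(a, b) or clash(b, a))

def find_conflicts(conf_text):
    """Return (section, line_a, line_b) for DefaultRoot pairs that may hit the same user."""
    return [(ctx, r1[0], r2[0])
            for ctx, roots in parse_default_roots(conf_text).items()
            for r1, r2 in combinations(roots, 2) if may_overlap(r1[2], r2[2])]

if __name__ == "__main__":
    for ctx, a, b in find_conflicts(SAMPLE_CONF):
        print(f"{ctx}: DefaultRoot on lines {a} and {b} may apply to the same user")
```

In the sample, the two top-level directives are flagged, while the pair inside `<Global>` is not, because `staff` and `!staff` cannot both match one user.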

Solution 3

I think the best option in your case would be to jail users in their directories. You can use the little-known %u variable. The documentation says:

It will be substituted, during the handling of an FTP session, with the name of the user who logged in.

Solution 4

This is a method of jailing users in their own home directory.

  • This is a standard function in ProFTPd
  • Open /etc/proftpd/proftpd.conf
  • Uncomment #DefaultRoot ~
  • Replace it with DefaultRoot /home/someuser someuser

(Let’s quickly explain the line above. DefaultRoot is the parameter used by proftpd to enable the jail functionality. someuser is the primary group of all users being chrooted (by default this is the same as the username). /home/someuser is the directory where the user will be jailed.)

  • Then execute "/etc/init.d/proftpd restart"

Author by

some.hacker

Updated on September 17, 2022

Comments

  • some.hacker
    some.hacker over 1 year

    Here is a code snippet and its resulting output. The code appears to update the attribute, but when I check the record manually in the database, there is no change. This is confirmed by .changed? returning false. What have I done wrong?

    class Ticket < ActiveRecord::Base
    ##+-----------------+-----------------------+------+-----+---------+-------+
    ##| Field           | Type                  | Null | Key | Default | Extra |
    ##+-----------------+-----------------------+------+-----+---------+-------+
    ##| ticketid        | bigint(20) unsigned   | NO   | PRI | NULL    |       |
    ##| ticketnumber    | bigint(20) unsigned   | NO   |     | NULL    |       |
    ##| contactname     | char(40)              | YES  |     | NULL    |       |
    ##| department      | char(40)              | YES  |     | NULL    |       |
    ##| tech            | char(40)              | YES  |     | NULL    |       |
    ##| timeopened      | char(18)              | YES  |     | NULL    |       |
    ##| timelastchanged | char(18)              | YES  |     | NULL    |       |
    ##| mintuesopen     | mediumint(8) unsigned | YES  |     | NULL    |       |
    ##| searchtermlist  | varchar(255)          | YES  |     | NULL    |       |
    ##+-----------------+-----------------------+------+-----+---------+-------+
    
    attr_accessible :searchtermlist, :minutesopen, :timelastchanged, :tech
    
    end
    
    ....
    
    thisticket = Ticket.find_by_ticketid(ticketid)
        if thisticket != nil
            puts "---Ticket #{ticketid} Found!"
            if thisticket.searchtermlist.include? importedsearchtermlist
                puts "---Search term list current! Skipping..."
            else
                puts "---Updating search term list for ticket #{ticketid}"
                puts importedsearchtermlist
                puts thisticket.ticketid
                puts thisticket.searchtermlist
                updatedsearchtermlist = thisticket.searchtermlist << "," << importedsearchtermlist
                puts updatedsearchtermlist
                thisticket.searchtermlist = updatedsearchtermlist
                result = thisticket.save!
                puts result
                puts thisticket.changed?
                puts thisticket.searchtermlist
                sleep(60)
            end
        end
    

    And the output:

    ---Ticket 47048 Found!
    ---Updating search term list for ticket 47048
    virus
    47048
    update
    update,virus
    true
    false
    update,virus
    
  • pvieira
    pvieira almost 14 years
    Thanks for the answer, but I've already tried that and didn't work.