Chroot user PURE FTPD?

Hello everyone,

I installed pure-ftpd TLS in standalone mode on Debian Lenny.
It uses the system users. I did enable the option to chroot users into their respective directories:

VIRTUALCHROOT=TRUE

However, users can still move up through the files all the way to the system. Would you have any tips / info / ideas on this, because I don't think I have forgotten anything.

Thanks in advance for your replies 🙂
Have a good weekend.

Good evening,

pure-pw useradd TonUtilisateur -u ftpuser -d /home/ftpusers/TonUtilisateur

It is the "-d" that chroots your user.

If you speak English, more help here: http://download.pureftpd.org/pub/pure-ftpd/doc/README.Virtual-Users

Good luck

download.pureftpd.org/pub/pure-ftpd/doc/FAQ

  • Shared directories and chroot.

-> I have a directory, say /var/incoming, that I want to be shared by every
user. But I want my users to be chrooted. So /var/incoming should be visible
in ‘joe’ and ‘john’ accounts, but those are chrooted. So, how to have the
content of /var/incoming visible in these accounts?

Making a symbolic link won’t work, because when you are chrooted, it means
that everything outside a base directory (your user’s home directory) won’t
be reachable, even though a symbolic link.

But all modern operating systems can mount local directories to several
locations. To have an exact duplicate of your /var/incoming directory
available in /home/john/incoming and /home/joe/incoming, use one of these
commands:

  • Linux : mount --bind /var/incoming /home/john/incoming
    mount --bind /var/incoming /home/joe/incoming

  • Solaris : mount -F lofs /var/incoming /home/john/incoming
    mount -F lofs /var/incoming /home/joe/incoming

  • FreeBSD : mount_null /var/incoming /home/john/incoming
    mount_null /var/incoming /home/joe/incoming

Another alternative is to compile Pure-FTPd with --with-virtualchroot as a
./configure option. With virtual chroot, symbolic links pointing outside a
chroot jail are followed.

Binary packages are compiled with this feature turned on.
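
Since a virtual-chroot build follows symbolic links that point outside the jail, as the FAQ excerpt above says, every such link in a user's home widens what that account can reach. The following is an added example, not part of the thread or of the Pure-FTPd documentation: a shell function (the name `escaping_links` is hypothetical) that lists the symlinks under a home directory whose target resolves outside it. It assumes a `readlink` that supports `-f` (GNU coreutils or BusyBox) and file names without newlines.

```shell
#!/bin/sh
# Added example: audit an FTP home for symlinks that leave the jail.
# On a virtual-chroot build these links are followed by the server.

# escaping_links JAIL
# Prints "relative/link -> resolved target" for every symlink under JAIL
# whose fully resolved target is not inside JAIL.
escaping_links() {
    # Resolve the jail itself so the prefix comparison uses physical paths
    jail=$(cd -- "$1" 2>/dev/null && pwd -P) || return 2

    # -xdev: do not descend into other filesystems mounted inside the home
    find "$jail" -xdev -type l | while IFS= read -r link; do
        # readlink -f follows the whole chain; flag links it cannot resolve
        target=$(readlink -f -- "$link") || target="(unresolvable)"
        case "$target" in
            "$jail" | "$jail"/*) ;;   # stays inside the jail: fine
            *) printf '%s -> %s\n' "${link#"$jail"/}" "$target" ;;
        esac
    done
}

# Stand-alone use: ./audit.sh /home/john
if [ "$#" -gt 0 ]; then
    escaping_links "$1"
fi
```

An empty result means no symlink under that home leads out of it; shared directories provided through bind mounts are separate filesystems entries and are not descended into or reported by this check.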