>But there has to be more to it than this. There needs to be a /var/ftp/etc
>directory as well as many other fake system directories that the anonymous
>ftp user can access, if they need to do an ls or a cd command, for example.
>Certainly the ls and cd commands, and any libraries called by them, need to
>be in the jail too?
>

No, not these days.

For instance, when you log in with the setup I referenced, vsftpd will do
the following:

[pid 24572] chdir("/var/ftp")           = 0
[pid 24572] chroot(".")                 = 0
[pid 24572] setgid(50)                  = 0
[pid 24572] setuid(14)                  = 0

Which chroots the forked process to /var/ftp and drops down to the ftp
user ID.

ls, cd, etc. are implemented natively without calling the actual 'ls' or
'cd' binaries on the system.

[pid 24572] recvfrom(0, "CWD pub\r\n", 4096, MSG_PEEK, NULL, NULL) = 9
[pid 24572] read(0, "CWD pub\r\n", 9)   = 9
[pid 24572] chdir("pub")                = 0
[pid 24572] getcwd("/pub", 4096)        = 5

[pid 24572] write(0, "150 Here comes the directory lis"..., 39) = 39
[pid 24572] fstat(4, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
[pid 24572] getdents(4, /* 3 entries */, 32768) = 72
[pid 24572] lstat("..", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
[pid 24572] lstat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
[pid 24572] lstat("pub", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
[pid 24572] getdents(4, /* 0 entries */, 32768) = 0
[pid 24572] write(6, "drwxr-xr-x    3 0        0      "..., 180) = 180

While this isn't the same as running the WHOLE service in a chroot, most
people find it enough.




_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
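As an added example (not vsftpd's code and not part of the original post), the sketch below shows the same pattern the strace output illustrates: the daemon does chdir() then chroot(".") then drops gid before uid, and afterwards serves CWD with a plain chdir() and LIST with readdir()/lstat() instead of exec'ing /bin/ls, so no binaries or libraries need to live in the jail. The uid/gid values 14 and 50 are taken from the strace above; the sample tree (<tmpdir>/pub/README) is constructed by the program itself, and the function names are my own.

```c
#define _GNU_SOURCE
#include <dirent.h>
#include <errno.h>
#include <grp.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Enter the jail in the order the strace shows: chdir() BEFORE chroot(), so the
 * working directory is inside the new root (chroot() alone leaves cwd outside
 * and is a classic escape), then setgid() BEFORE setuid() (once uid is dropped
 * the process may no longer change gid). Needs root; returns -1 with errno. */
int enter_jail(const char *root, uid_t uid, gid_t gid) {
    if (chdir(root) != 0) return -1;
    if (chroot(".") != 0) return -1;
    if (setgroups(0, NULL) != 0) return -1;   /* drop supplementary groups too */
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    if (setuid(0) == 0) { errno = EPERM; return -1; } /* must be irreversible */
    return 0;
}

/* CWD: just chdir() relative to the jail. The kernel resolves ".." and "/"
 * against the chroot, so "../../etc" cannot leave it. */
int ftp_cwd(const char *dir) { return chdir(dir) == 0 ? 0 : -1; }

/* One LIST line in the usual "drwxr-xr-x nlink uid gid size name" shape. */
static void format_entry(const char *name, const struct stat *st, char *out, size_t outlen) {
    char mode[11] = "----------";
    const char *bits = "rwxrwxrwx";
    mode[0] = S_ISDIR(st->st_mode) ? 'd' : S_ISLNK(st->st_mode) ? 'l' : '-';
    for (int i = 0; i < 9; i++)
        if (st->st_mode & (0400 >> i)) mode[i + 1] = bits[i];
    snprintf(out, outlen, "%s %4lu %8lu %8lu %10lld %s\r\n", mode,
             (unsigned long)st->st_nlink, (unsigned long)st->st_uid,
             (unsigned long)st->st_gid, (long long)st->st_size, name);
}

/* LIST: walk the directory with readdir()+lstat() (what the getdents/lstat
 * calls in the trace are) instead of exec'ing ls. Appends lines to out and
 * returns the number of entries, or -1 with errno set. */
int ftp_list(const char *dir, char *out, size_t outlen) {
    DIR *d = opendir(dir);
    if (!d) return -1;
    int count = 0;
    size_t used = 0;
    out[0] = '\0';
    struct dirent *de;
    while ((de = readdir(d)) != NULL) {
        if (strcmp(de->d_name, ".") == 0 || strcmp(de->d_name, "..") == 0) continue;
        char path[PATH_MAX], line[PATH_MAX + 64];
        struct stat st;
        snprintf(path, sizeof path, "%s/%s", dir, de->d_name);
        if (lstat(path, &st) != 0) continue;      /* vanished between readdir and lstat */
        format_entry(de->d_name, &st, line, sizeof line);
        size_t n = strlen(line);
        if (used + n >= outlen) { closedir(d); errno = ENOSPC; return -1; }
        memcpy(out + used, line, n + 1);
        used += n;
        count++;
    }
    closedir(d);
    return count;
}

/* Constructed sample tree (not real data): <tmp>/pub/README, 12 bytes, 0644. */
int make_sample_tree(char *root, size_t rootlen) {
    char tmpl[PATH_MAX];
    const char *base = getenv("TMPDIR") ? getenv("TMPDIR") : "/tmp";
    snprintf(tmpl, sizeof tmpl, "%s/ftpjailXXXXXX", base);
    if (!mkdtemp(tmpl) || strlen(tmpl) + 1 > rootlen) return -1;
    strcpy(root, tmpl);
    if (chmod(root, 0755) != 0) return -1;        /* readable after dropping to uid 14 */
    char path[PATH_MAX];
    snprintf(path, sizeof path, "%s/pub", root);
    if (mkdir(path, 0755) != 0 || chmod(path, 0755) != 0) return -1;
    snprintf(path, sizeof path, "%s/pub/README", root);
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs("Hello, FTP!\n", f);
    fclose(f);
    return chmod(path, 0644);
}

int main(void) {
    char root[PATH_MAX], buf[4096];
    if (make_sample_tree(root, sizeof root) != 0) { perror("make_sample_tree"); return 1; }
    if (geteuid() == 0) {                          /* only root can chroot */
        if (enter_jail(root, 14, 50) != 0) { perror("enter_jail"); return 1; }
    } else if (ftp_cwd(root) != 0) {               /* unprivileged: just cd there */
        perror("chdir"); return 1;
    }
    printf("150 Here comes the directory listing.\r\n");
    if (ftp_list(".", buf, sizeof buf) < 0) { perror("ftp_list"); return 1; }
    fputs(buf, stdout);
    if (ftp_cwd("pub") == 0 && ftp_list(".", buf, sizeof buf) >= 0) fputs(buf, stdout);
    printf("226 Directory send OK.\r\n");
    return 0;
}
```

Run it as root and the listing is produced from inside a chroot that contains nothing but pub/README; run it unprivileged and the same code path simply lists the temporary tree. Either way nothing in the jail is executed, which is why the quoted question's fake /etc, ls and shared libraries are not needed.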
