Thanks. I really appreciate the help.

-----Original Message-----
From: [email protected] [mailto:[email protected]]
On Behalf Of Kinzel, David
Sent: Thursday, March 24, 2011 2:27 PM
To: Red Hat Enterprise Linux 5 (Tikanga) discussion mailing-list
Subject: Re: [rhelv5-list] chroot ftp

>But there has to be more to it than this. There needs to be a /var/ftp/etc
>directory as well as many other fake system directories that the anonymous
>ftp user can access, if they need to do an ls or a cd command, for example.
>Certainly the ls and cd commands, and any libraries called by them, need to
>be in the jail too?
>

No, not these days.

For instance, when you log in with the setup I referenced, vsftpd will do
the following:

[pid 24572] chdir("/var/ftp")           = 0
[pid 24572] chroot(".")                 = 0
[pid 24572] setgid(50)                  = 0
[pid 24572] setuid(14)                  = 0

Which chroots the forked process to /var/ftp and drops down to the ftp
user ID.

Ls, cd, etc., are implemented natively without calling the actual 'ls' or
'cd' binaries on the system.

[pid 24572] recvfrom(0, "CWD pub\r\n", 4096, MSG_PEEK, NULL, NULL) = 9
[pid 24572] read(0, "CWD pub\r\n", 9)   = 9
[pid 24572] chdir("pub")                = 0
[pid 24572] getcwd("/pub", 4096)        = 5

[pid 24572] write(0, "150 Here comes the directory lis"..., 39) = 39
[pid 24572] fstat(4, {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
[pid 24572] getdents(4, /* 3 entries */, 32768) = 72
[pid 24572] lstat("..", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
[pid 24572] lstat(".", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
[pid 24572] lstat("pub", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
[pid 24572] getdents(4, /* 0 entries */, 32768) = 0
[pid 24572] write(6, "drwxr-xr-x    3 0        0      "..., 180) = 180

While this isn't the same as running the WHOLE service in a chroot, most
people find it enough.



_______________________________________________
rhelv5-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/rhelv5-list
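
As an added example (not part of the original message and not vsftpd's own code), the Python check below reads strace output in the format quoted in the message and flags a jail setup where chroot, setgid or setuid failed, or where the calls do not follow the chdir, chroot, setgid, setuid order shown there. The function name `audit` and both sample traces are constructed for illustration.

```python
import re

# One strace line, e.g.: [pid 24572] chroot(".")                 = 0
LINE = re.compile(r'^\[pid\s+(\d+)\]\s+(\w+)\((.*)\)\s+=\s+(-?\d+)')

# Constructed sample, modelled on the trace quoted in the message.
SAMPLE_GOOD = '''\
[pid 24572] chdir("/var/ftp")           = 0
[pid 24572] chroot(".")                 = 0
[pid 24572] setgid(50)                  = 0
[pid 24572] setuid(14)                  = 0
[pid 24572] chdir("pub")                = 0
'''

# Constructed counter-example: uid dropped first, so setgid is refused.
SAMPLE_BAD = '''\
[pid 31000] chdir("/var/ftp")           = 0
[pid 31000] chroot(".")                 = 0
[pid 31000] setuid(14)                  = 0
[pid 31000] setgid(50)                  = -1 EPERM (Operation not permitted)
'''

def audit(trace):
    """Return a list of (pid, finding) for jail setups that look unsafe."""
    calls = {}                                   # pid -> [(syscall, args, ret)]
    for line in trace.splitlines():
        m = LINE.match(line)
        if m:
            pid, name, args, ret = m.groups()
            calls.setdefault(pid, []).append((name, args, int(ret)))
    findings = []
    for pid, seq in calls.items():
        names = [n for n, _, _ in seq]
        if 'chroot' not in names:
            continue                             # this process never jailed itself
        jail = names.index('chroot')
        for name, args, ret in seq:
            if name in ('chroot', 'setgid', 'setuid') and ret != 0:
                findings.append((pid, f'{name}({args}) failed'))
        if not any(n == 'chdir' and r == 0 for n, _, r in seq[:jail]):
            findings.append((pid, 'chroot without a successful chdir first'))
        after = seq[jail + 1:]                   # calls made inside the jail
        uid = [i for i, c in enumerate(after) if c[0] == 'setuid' and c[1] != '0' and c[2] == 0]
        gid = [i for i, c in enumerate(after) if c[0] == 'setgid' and c[2] == 0]
        if not uid:
            findings.append((pid, 'no successful setuid to a non-root uid after chroot'))
        elif not gid or gid[0] > uid[0]:
            findings.append((pid, 'group not dropped before setuid'))
    return findings
```

Lines that do not match the `[pid N] call(args) = ret` shape are skipped, so the full trace of a session can be passed in unchanged.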
