Enhancement #2805

FTP: allow chroot on home directory

Added by Giacomo Sanchietti about 7 years ago. Updated about 7 years ago.

Status:CLOSEDStart date:
Priority:NormalDue date:
Assignee:-% Done:

100%

Category:nethserver-vsftpd
Target version:v6.5
Resolution: NEEDINFO:No

Description

When the FTP server is configured to use system users, these users should be chrooted on their home directory.

Actual configuration changes the user's chroot to: /var/lib/nethserver/ftp/<user>.

For example, if the user's home is changed using the lusermod command, the home should be honored as chroot directory.

Associated revisions

Revision aa11f991
Added by Giacomo Sanchietti about 7 years ago

vsftpd.conf: chroot system users to their own home directory. Refs #2805

History

#1 Updated by Giacomo Sanchietti about 7 years ago

  • Status changed from NEW to TRIAGED
  • Target version set to v6.5
  • % Done changed from 0 to 20

#2 Updated by Giacomo Sanchietti about 7 years ago

  • Status changed from TRIAGED to ON_DEV
  • Assignee set to Giacomo Sanchietti
  • % Done changed from 20 to 30

#3 Updated by Giacomo Sanchietti about 7 years ago

  • Status changed from ON_DEV to MODIFIED
  • % Done changed from 30 to 60

#4 Updated by Giacomo Sanchietti about 7 years ago

  • Status changed from MODIFIED to ON_QA
  • Assignee deleted (Giacomo Sanchietti)
  • % Done changed from 60 to 70
Package in nethserver-testing:
  • nethserver-vsftpd-1.0.0-1.0gitaa11f991.ns6.noarch.rpm
Test case
  • create a gis user from web interface, enable remote shell and set the password to "Nethesis,1234"
  • execute following commands:
    config setprop vsftpd status enabled
    mkdir -p /var/lib/nethserver/GISTUDIO
    chown gis:gis /var/lib/nethserver/GISTUDIO
    lusermod -d /var/lib/nethserver/GISTUDIO gis
    config setprop vsftpd UserType system
    db accounts setprop gis FTPAccess enabled
    signal-event nethserver-vsftpd-save
    
  • login using ftp client with gis user
  • check the user is chrooted in /var/lib/nethserver/GISTUDIO directory
  • try to write and read a file from the directory

#5 Updated by Stefano Fancello about 7 years ago

  • Assignee set to Stefano Fancello

#6 Updated by Stefano Fancello about 7 years ago

  • Status changed from ON_QA to VERIFIED
  • Assignee deleted (Stefano Fancello)
  • % Done changed from 70 to 90

vsftpd correctly working, ftp user can't go on the upper level and file upload/download is working.
Tested using gFTP.

#7 Updated by Giacomo Sanchietti about 7 years ago

  • Status changed from VERIFIED to CLOSED
  • % Done changed from 90 to 100
Package in nethserver-updates:
  • nethserver-vsftpd-1.0.1-1.ns6.noarch.rpm

Also available in: Atom PDF