Sunday, May 5, 2024
Homepage · 12.04
 Popular · Latest · Hot · Upcoming
13
rated 0 times [  13] [ 0]  / answers: 1 / hits: 189402  / 2 Years ago, fri, june 10, 2022, 4:57:26

So far I have been unable to keep an FTP user jailed to their website directory. Is there a solution that both fixes this bug and keeps the user jailed to their directory?



My vsFTPd settings that I changed:



listen_port=9000

Set: anonymous_enable=NO

Uncomment: local_enable=YES

Uncomment: write_enable=YES

Uncomment: local_umask=022

Set: connect_from_port_20=NO

Uncomment: idle_session_timeout=600

Uncomment: data_connection_timeout=120

Comment out: #ftpd_banner=Welcome to blah FTP service. [should be on line 104]

Added: banner_file=/etc/issue.net

Uncomment: chroot_local_user=YES

Uncomment: chroot_local_user=YES

Uncomment: chroot_list_enable=YES

Uncomment : chroot_list_file=/etc/vsftpd.chroot_list


At the end of the file I added:



# Show hidden files and the "." and ".." folders.

# Useful to not write over hidden files:

force_dot_files=YES



# Hide the info about the owner (user and group) of the files.

hide_ids=YES



# Connection limit for each IP address:

max_per_ip=10



# Maximum number of clients:

max_clients=5



# FTP Passive Settings

pasv_enable=YES

#If your listen_port is 9000 set this range to 7500 and 8500

pasv_min_port=[port range min]

pasv_max_port=[port range max]


The user in question, mybloguser, is jailed to her/his website directory under /srv/www/myblog and this user is not part of the nano /etc/vsftpd.chroot_list file. The user’s home directory is also /srv/www/myblog which used to work in the past.



I tried the allow_writeable_chroot=YES solution which did not work, and actually broke vsFTPd completely.



I have tried:





How can we both fix this error and keep the user jailed to their home directory?


More From » 12.04
 Answers
6

After further review of this post, in the comments a package was posted that fixed my issue. You can search for it by either my name or "Marks" Documentation: http://www.benscobie.com/fixing-500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/. Here are my details of how I fixed this further.



USERS ARE STILL JAILED TO THEIR HOME DIRECTORIES!!!



# ------------------------------------------------------------------------------

# SETUP FTP USERS --------------------------------------------------------------

# ------------------------------------------------------------------------------



# create the ftp users and lock them to the website directories

useradd -d /srv/www/[website/appname] -m [ftp user name]



# set the ftp account passwords

passwd [ftp user name]



# add the ftp users to the www-data user/group

adduser [ftp user name] www-data



# BUG FIX: 500 OOPS: vsftpd: refusing to run with writable root inside chroot()

sudo add-apt-repository ppa:thefrontiergroup/vsftpd

sudo apt-get update

sudo apt-get install vsftpd



# Edit the vsftpd.conf and append this setting to the end of the file to keep users' jailed!

nano /etc/vsftpd.conf



# add all of the text between the starting [[ and ending ]]

# [[



# Keep non-chroot listed users jailed

allow_writeable_chroot=YES



# ]]



# restart the service for changes to take effect

sudo service vsftpd restart



#test ftp via secondary terminal window:

ftp [ftp user name]@[server ipaddress] [ftp port]

[#33277] Sunday, June 12, 2022, 2 Years  [reply] [flag answer]
Only authorized users can answer the question. Please sign in first, or register a free account.
soahan
Add To Favorites
Follow
Total Points: 230
Total Questions: 123
Total Answers: 123
Location: Maldives
Member since Tue, Dec 21, 2021
2 Years ago
soahan questions
Tue, Aug 3, 21, 01:56, 3 Years ago
Fri, May 7, 21, 06:17, 3 Years ago
Mon, Jan 16, 23, 05:49, 1 Year ago
Mon, Dec 13, 21, 14:40, 2 Years ago
Wed, Feb 15, 23, 16:34, 1 Year ago
View All
;