Otdfbt

How often does castling occur in grandmaster games?

What does Turing mean by this statement?

AppleTVs create a chatty alternate WiFi network

How to change the tick of the color bar legend to black

Central Vacuuming: Is it worth it, and how does it compare to normal vacuuming?

Tips to organize LaTeX presentations for a semester

How to write capital alpha?

Why is the change of basis formula counter-intuitive? [See details]

What adaptations would allow standard fantasy dwarves to survive in the desert?

i2c bus hangs in master RPi access to MSP430G uC ~1 in 1000 accesses

Found this skink in my tomato plant bucket. Is he trapped? Or could he leave if he wanted?

Delete free apps from library

A proverb that is used to imply that you have unexpectedly faced a big problem

As a dual citizen, my US passport will expire one day after traveling to the US. Will this work?

Sally's older brother

Why is it faster to reheat something than it is to cook it?

Should a wizard buy fine inks every time he want to copy spells into his spellbook?

My mentor says to set image to Fine instead of RAW — how is this different from JPG?

Is openssl rand command cryptographically secure?

Mounting TV on a weird wall that has some material between the drywall and stud

Is there any word for a place full of confusion?

The Nth Gryphon Number

What does the writing on Poe's helmet say?

Special flights

Automatically change to subfolder in chroot jail on login

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;

4

I'm setting up an FTP server to replace an old windows server install. I'm using vsftpd on Ubuntu 16.04.

There are multiple users (automated test systems) external to the company, and we want to make the change transparent - no changes required to client machines

I have followed this guide and setup the virtual users and chroot jail. This works correcty, and when I log in using Filezilla, I can see that I am successfully chrooted into the virtual user's home directory (home/vftp/$USER).

However. This directory must not be writeable, to prevent breakout from the jail, so I have created a sub-directory home/vftp/$USER/uploads with write permissions. Because I don't want to have to make changes on the client machines, I need for them to be changed to this uploads directory upon login so that they just login + upload without having to change directory.

I'm aware that I can allow a writeable root (and hence not require a subfolder) with allow_writeable_chroot=YES, but as this is an externally-facing machine that's not really a great idea.

Is there a way that I can put the user in a chroot jail, but switch their working directory to a sub-directory?

vsftpd

share|improve this question

edited Apr 11 '18 at 13:46

SiHa

asked Apr 11 '18 at 13:22

SiHaSiHa

1213

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I don't know a working solution, but I would probably look into pam_exec, matching on group, on successful login, exec a script which has the commands to put them in the subdir. I am not sure that all clients will play well with this however.
  
  – Aaron
  Apr 11 '18 at 21:39
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @Aaron Thanks. That's exactly what I'd concluded yesterday, too, after some more searching of the interwebs. Some experimenting required now methinks.
  
  – SiHa
  Apr 12 '18 at 7:04
  

  
  
  
  

add a comment | 

4

I'm setting up an FTP server to replace an old windows server install. I'm using vsftpd on Ubuntu 16.04.

There are multiple users (automated test systems) external to the company, and we want to make the change transparent - no changes required to client machines

I have followed this guide and setup the virtual users and chroot jail. This works correcty, and when I log in using Filezilla, I can see that I am successfully chrooted into the virtual user's home directory (home/vftp/$USER).

However. This directory must not be writeable, to prevent breakout from the jail, so I have created a sub-directory home/vftp/$USER/uploads with write permissions. Because I don't want to have to make changes on the client machines, I need for them to be changed to this uploads directory upon login so that they just login + upload without having to change directory.

I'm aware that I can allow a writeable root (and hence not require a subfolder) with allow_writeable_chroot=YES, but as this is an externally-facing machine that's not really a great idea.

Is there a way that I can put the user in a chroot jail, but switch their working directory to a sub-directory?

vsftpd

share|improve this question

edited Apr 11 '18 at 13:46

SiHa

asked Apr 11 '18 at 13:22

SiHaSiHa

1213

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  I don't know a working solution, but I would probably look into pam_exec, matching on group, on successful login, exec a script which has the commands to put them in the subdir. I am not sure that all clients will play well with this however.
  
  – Aaron
  Apr 11 '18 at 21:39
  

  
  
  
  


• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  @Aaron Thanks. That's exactly what I'd concluded yesterday, too, after some more searching of the interwebs. Some experimenting required now methinks.
  
  – SiHa
  Apr 12 '18 at 7:04
  

  
  
  
  

add a comment | 

I'm setting up an FTP server to replace an old windows server install. I'm using vsftpd on Ubuntu 16.04.

There are multiple users (automated test systems) external to the company, and we want to make the change transparent - no changes required to client machines

I have followed this guide and setup the virtual users and chroot jail. This works correcty, and when I log in using Filezilla, I can see that I am successfully chrooted into the virtual user's home directory (home/vftp/$USER).

However. This directory must not be writeable, to prevent breakout from the jail, so I have created a sub-directory home/vftp/$USER/uploads with write permissions. Because I don't want to have to make changes on the client machines, I need for them to be changed to this uploads directory upon login so that they just login + upload without having to change directory.

I'm aware that I can allow a writeable root (and hence not require a subfolder) with allow_writeable_chroot=YES, but as this is an externally-facing machine that's not really a great idea.

Is there a way that I can put the user in a chroot jail, but switch their working directory to a sub-directory?

vsftpd

share|improve this question

edited Apr 11 '18 at 13:46

SiHa

asked Apr 11 '18 at 13:22

SiHaSiHa

1213

share|improve this question

edited Apr 11 '18 at 13:46

SiHa

asked Apr 11 '18 at 13:22

SiHaSiHa

1213

share|improve this question

edited Apr 11 '18 at 13:46

SiHa

asked Apr 11 '18 at 13:22

SiHaSiHa

1213

asked Apr 11 '18 at 13:22

SiHaSiHa

1213

asked Apr 11 '18 at 13:22

SiHaSiHa

1213

1 Answer
1

active

oldest

votes

1

If you can set the user home directory, you can specify passwd_chroot_enable=YES in vsftpd.conf along with a home directory such as /home/vftp/USER/./uploads in /etc/passwd.

It will create the chroot jail in /home/vftp/USER and use the uploads subdirectory as the user HOME directory.

share|improve this answer

answered Apr 15 at 7:33

Christophe Drevet-DroguetChristophe Drevet-Droguet

1,43211222

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks - I can't mark as accepted, because we went a different way eventually, so I can't test it out.
  
  – SiHa
  Apr 15 at 8:00
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f907161%2fautomatically-change-to-subfolder-in-chroot-jail-on-login%23new-answer', 'question_page');

);

Post as a guest

Name

Email

Required, but never shown

1

If you can set the user home directory, you can specify passwd_chroot_enable=YES in vsftpd.conf along with a home directory such as /home/vftp/USER/./uploads in /etc/passwd.

It will create the chroot jail in /home/vftp/USER and use the uploads subdirectory as the user HOME directory.

share|improve this answer

answered Apr 15 at 7:33

Christophe Drevet-DroguetChristophe Drevet-Droguet

1,43211222

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks - I can't mark as accepted, because we went a different way eventually, so I can't test it out.
  
  – SiHa
  Apr 15 at 8:00
  

  
  
  
  

add a comment | 

1

If you can set the user home directory, you can specify passwd_chroot_enable=YES in vsftpd.conf along with a home directory such as /home/vftp/USER/./uploads in /etc/passwd.

It will create the chroot jail in /home/vftp/USER and use the uploads subdirectory as the user HOME directory.

share|improve this answer

answered Apr 15 at 7:33

Christophe Drevet-DroguetChristophe Drevet-Droguet

1,43211222

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  Thanks - I can't mark as accepted, because we went a different way eventually, so I can't test it out.
  
  – SiHa
  Apr 15 at 8:00
  

  
  
  
  

add a comment | 

If you can set the user home directory, you can specify passwd_chroot_enable=YES in vsftpd.conf along with a home directory such as /home/vftp/USER/./uploads in /etc/passwd.

It will create the chroot jail in /home/vftp/USER and use the uploads subdirectory as the user HOME directory.

share|improve this answer

answered Apr 15 at 7:33

Christophe Drevet-DroguetChristophe Drevet-Droguet

1,43211222

share|improve this answer

answered Apr 15 at 7:33

Christophe Drevet-DroguetChristophe Drevet-Droguet

1,43211222

answered Apr 15 at 7:33

Christophe Drevet-DroguetChristophe Drevet-Droguet

1,43211222

answered Apr 15 at 7:33

Christophe Drevet-DroguetChristophe Drevet-Droguet

1,43211222