Automatically change to subfolder in chroot jail on login Announcing the arrival of Valued Associate #679: Cesar Manara Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern) Come Celebrate our 10 Year Anniversary!How to create virtual users in vsftpd?vsftp “Access is denied” when writing as an authenticated userVSFTPD won't allow upload to mounted (Shared) Directory. RHEL6Vsftpd access over wanChroot user VSFTPD, can't enter FolderChroot Jailing groups via sshd_config for FTP results in connection aborted for all members in that groupFTP over SSH chroot permissionsvsftpd on rhel 7.4 disallowing write & modifyVsftpd user authenticationFTP: Jail user to Home folder

How often does castling occur in grandmaster games?

What does Turing mean by this statement?

AppleTVs create a chatty alternate WiFi network

How to change the tick of the color bar legend to black

Central Vacuuming: Is it worth it, and how does it compare to normal vacuuming?

Tips to organize LaTeX presentations for a semester

How to write capital alpha?

Why is the change of basis formula counter-intuitive? [See details]

What adaptations would allow standard fantasy dwarves to survive in the desert?

i2c bus hangs in master RPi access to MSP430G uC ~1 in 1000 accesses

Found this skink in my tomato plant bucket. Is he trapped? Or could he leave if he wanted?

Delete free apps from library

A proverb that is used to imply that you have unexpectedly faced a big problem

As a dual citizen, my US passport will expire one day after traveling to the US. Will this work?

Sally's older brother

Why is it faster to reheat something than it is to cook it?

Should a wizard buy fine inks every time he want to copy spells into his spellbook?

My mentor says to set image to Fine instead of RAW — how is this different from JPG?

Is openssl rand command cryptographically secure?

Mounting TV on a weird wall that has some material between the drywall and stud

Is there any word for a place full of confusion?

The Nth Gryphon Number

What does the writing on Poe's helmet say?

Special flights



Automatically change to subfolder in chroot jail on login



Announcing the arrival of Valued Associate #679: Cesar Manara
Planned maintenance scheduled April 23, 2019 at 23:30 UTC (7:30pm US/Eastern)
Come Celebrate our 10 Year Anniversary!How to create virtual users in vsftpd?vsftp “Access is denied” when writing as an authenticated userVSFTPD won't allow upload to mounted (Shared) Directory. RHEL6Vsftpd access over wanChroot user VSFTPD, can't enter FolderChroot Jailing groups via sshd_config for FTP results in connection aborted for all members in that groupFTP over SSH chroot permissionsvsftpd on rhel 7.4 disallowing write & modifyVsftpd user authenticationFTP: Jail user to Home folder



.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty height:90px;width:728px;box-sizing:border-box;








4















I'm setting up an FTP server to replace an old windows server install. I'm using vsftpd on Ubuntu 16.04.



There are multiple users (automated test systems) external to the company, and we want to make the change transparent - no changes required to client machines



I have followed this guide and setup the virtual users and chroot jail. This works correcty, and when I log in using Filezilla, I can see that I am successfully chrooted into the virtual user's home directory (home/vftp/$USER).



However. This directory must not be writeable, to prevent breakout from the jail, so I have created a sub-directory home/vftp/$USER/uploads with write permissions. Because I don't want to have to make changes on the client machines, I need for them to be changed to this uploads directory upon login so that they just login + upload without having to change directory.



I'm aware that I can allow a writeable root (and hence not require a subfolder) with allow_writeable_chroot=YES, but as this is an externally-facing machine that's not really a great idea.



Is there a way that I can put the user in a chroot jail, but switch their working directory to a sub-directory?






vsftpd







share|improve this question
























  • I don't know a working solution, but I would probably look into pam_exec, matching on group, on successful login, exec a script which has the commands to put them in the subdir. I am not sure that all clients will play well with this however.

    – Aaron
    Apr 11 '18 at 21:39











  • @Aaron Thanks. That's exactly what I'd concluded yesterday, too, after some more searching of the interwebs. Some experimenting required now methinks.

    – SiHa
    Apr 12 '18 at 7:04

















4















I'm setting up an FTP server to replace an old windows server install. I'm using vsftpd on Ubuntu 16.04.



There are multiple users (automated test systems) external to the company, and we want to make the change transparent - no changes required to client machines



I have followed this guide and setup the virtual users and chroot jail. This works correcty, and when I log in using Filezilla, I can see that I am successfully chrooted into the virtual user's home directory (home/vftp/$USER).



However. This directory must not be writeable, to prevent breakout from the jail, so I have created a sub-directory home/vftp/$USER/uploads with write permissions. Because I don't want to have to make changes on the client machines, I need for them to be changed to this uploads directory upon login so that they just login + upload without having to change directory.



I'm aware that I can allow a writeable root (and hence not require a subfolder) with allow_writeable_chroot=YES, but as this is an externally-facing machine that's not really a great idea.



Is there a way that I can put the user in a chroot jail, but switch their working directory to a sub-directory?






vsftpd







share|improve this question
























  • I don't know a working solution, but I would probably look into pam_exec, matching on group, on successful login, exec a script which has the commands to put them in the subdir. I am not sure that all clients will play well with this however.

    – Aaron
    Apr 11 '18 at 21:39











  • @Aaron Thanks. That's exactly what I'd concluded yesterday, too, after some more searching of the interwebs. Some experimenting required now methinks.

    – SiHa
    Apr 12 '18 at 7:04













4












4








4








I'm setting up an FTP server to replace an old windows server install. I'm using vsftpd on Ubuntu 16.04.



There are multiple users (automated test systems) external to the company, and we want to make the change transparent - no changes required to client machines



I have followed this guide and setup the virtual users and chroot jail. This works correcty, and when I log in using Filezilla, I can see that I am successfully chrooted into the virtual user's home directory (home/vftp/$USER).



However. This directory must not be writeable, to prevent breakout from the jail, so I have created a sub-directory home/vftp/$USER/uploads with write permissions. Because I don't want to have to make changes on the client machines, I need for them to be changed to this uploads directory upon login so that they just login + upload without having to change directory.



I'm aware that I can allow a writeable root (and hence not require a subfolder) with allow_writeable_chroot=YES, but as this is an externally-facing machine that's not really a great idea.



Is there a way that I can put the user in a chroot jail, but switch their working directory to a sub-directory?






vsftpd







share|improve this question
















I'm setting up an FTP server to replace an old windows server install. I'm using vsftpd on Ubuntu 16.04.



There are multiple users (automated test systems) external to the company, and we want to make the change transparent - no changes required to client machines



I have followed this guide and setup the virtual users and chroot jail. This works correcty, and when I log in using Filezilla, I can see that I am successfully chrooted into the virtual user's home directory (home/vftp/$USER).



However. This directory must not be writeable, to prevent breakout from the jail, so I have created a sub-directory home/vftp/$USER/uploads with write permissions. Because I don't want to have to make changes on the client machines, I need for them to be changed to this uploads directory upon login so that they just login + upload without having to change directory.



I'm aware that I can allow a writeable root (and hence not require a subfolder) with allow_writeable_chroot=YES, but as this is an externally-facing machine that's not really a great idea.



Is there a way that I can put the user in a chroot jail, but switch their working directory to a sub-directory?






vsftpd




vsftpd






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited Apr 11 '18 at 13:46







SiHa

















asked Apr 11 '18 at 13:22









SiHaSiHa

1213




1213












  • I don't know a working solution, but I would probably look into pam_exec, matching on group, on successful login, exec a script which has the commands to put them in the subdir. I am not sure that all clients will play well with this however.

    – Aaron
    Apr 11 '18 at 21:39











  • @Aaron Thanks. That's exactly what I'd concluded yesterday, too, after some more searching of the interwebs. Some experimenting required now methinks.

    – SiHa
    Apr 12 '18 at 7:04

















  • I don't know a working solution, but I would probably look into pam_exec, matching on group, on successful login, exec a script which has the commands to put them in the subdir. I am not sure that all clients will play well with this however.

    – Aaron
    Apr 11 '18 at 21:39











  • @Aaron Thanks. That's exactly what I'd concluded yesterday, too, after some more searching of the interwebs. Some experimenting required now methinks.

    – SiHa
    Apr 12 '18 at 7:04
















I don't know a working solution, but I would probably look into pam_exec, matching on group, on successful login, exec a script which has the commands to put them in the subdir. I am not sure that all clients will play well with this however.

– Aaron
Apr 11 '18 at 21:39





I don't know a working solution, but I would probably look into pam_exec, matching on group, on successful login, exec a script which has the commands to put them in the subdir. I am not sure that all clients will play well with this however.

– Aaron
Apr 11 '18 at 21:39













@Aaron Thanks. That's exactly what I'd concluded yesterday, too, after some more searching of the interwebs. Some experimenting required now methinks.

– SiHa
Apr 12 '18 at 7:04





@Aaron Thanks. That's exactly what I'd concluded yesterday, too, after some more searching of the interwebs. Some experimenting required now methinks.

– SiHa
Apr 12 '18 at 7:04










1 Answer
1






active

oldest

votes


















1














If you can set the user home directory, you can specify passwd_chroot_enable=YES in vsftpd.conf along with a home directory such as /home/vftp/USER/./uploads in /etc/passwd.



It will create the chroot jail in /home/vftp/USER and use the uploads subdirectory as the user HOME directory.






share|improve this answer























  • Thanks - I can't mark as accepted, because we went a different way eventually, so I can't test it out.

    – SiHa
    Apr 15 at 8:00











Your Answer








StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);













draft saved

draft discarded


















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f907161%2fautomatically-change-to-subfolder-in-chroot-jail-on-login%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown

























1 Answer
1






active

oldest

votes








1 Answer
1






active

oldest

votes









active

oldest

votes






active

oldest

votes









1














If you can set the user home directory, you can specify passwd_chroot_enable=YES in vsftpd.conf along with a home directory such as /home/vftp/USER/./uploads in /etc/passwd.



It will create the chroot jail in /home/vftp/USER and use the uploads subdirectory as the user HOME directory.






share|improve this answer























  • Thanks - I can't mark as accepted, because we went a different way eventually, so I can't test it out.

    – SiHa
    Apr 15 at 8:00















1














If you can set the user home directory, you can specify passwd_chroot_enable=YES in vsftpd.conf along with a home directory such as /home/vftp/USER/./uploads in /etc/passwd.



It will create the chroot jail in /home/vftp/USER and use the uploads subdirectory as the user HOME directory.






share|improve this answer























  • Thanks - I can't mark as accepted, because we went a different way eventually, so I can't test it out.

    – SiHa
    Apr 15 at 8:00













1












1








1







If you can set the user home directory, you can specify passwd_chroot_enable=YES in vsftpd.conf along with a home directory such as /home/vftp/USER/./uploads in /etc/passwd.



It will create the chroot jail in /home/vftp/USER and use the uploads subdirectory as the user HOME directory.






share|improve this answer













If you can set the user home directory, you can specify passwd_chroot_enable=YES in vsftpd.conf along with a home directory such as /home/vftp/USER/./uploads in /etc/passwd.



It will create the chroot jail in /home/vftp/USER and use the uploads subdirectory as the user HOME directory.







share|improve this answer












share|improve this answer



share|improve this answer










answered Apr 15 at 7:33









Christophe Drevet-DroguetChristophe Drevet-Droguet

1,43211222




1,43211222












  • Thanks - I can't mark as accepted, because we went a different way eventually, so I can't test it out.

    – SiHa
    Apr 15 at 8:00

















  • Thanks - I can't mark as accepted, because we went a different way eventually, so I can't test it out.

    – SiHa
    Apr 15 at 8:00
















Thanks - I can't mark as accepted, because we went a different way eventually, so I can't test it out.

– SiHa
Apr 15 at 8:00





Thanks - I can't mark as accepted, because we went a different way eventually, so I can't test it out.

– SiHa
Apr 15 at 8:00

















draft saved

draft discarded
















































Thanks for contributing an answer to Server Fault!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f907161%2fautomatically-change-to-subfolder-in-chroot-jail-on-login%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







-

Popular posts from this blog

Wikipedia:Vital articles Мазмуну Biography - Өмүр баян Philosophy and psychology - Философия жана психология Religion - Дин Social sciences - Коомдук илимдер Language and literature - Тил жана адабият Science - Илим Technology - Технология Arts and recreation - Искусство жана эс алуу History and geography - Тарых жана география Навигация менюсу

Image
centralized watchlist Wikipedia:Vital articles Wikipedia дан Jump to navigation Jump to search This is a list of basic subjects for which Wikipedia should have a corresponding high-quality article, and ideally a featured article. It also serves as a centralized watchlist and tracks the status of some of Wikipedia's most essential articles. Ideally this page should list approximately 1,000 of the most vital Wikipedia articles. Мазмуну 1 Biography - Өмүр баян 1.1 Actors, dancers and models - Актёрлор, бийчилер жана моделдер 1.2 Artists and architects - Сүрөтчүлөр жана архитекторлор 1.3 Authors, playwrights and poets - Жазуучулар, драматургдар жана акындар 1.4 Composers and musicians - Композиторлор жана музыканттар 1.5 Explorers and travelers - Изилдөөчүлөр менен саякатчылар 1.6 Film directors and screenwriters - Режиссёрлор жана сценаристтер 1.7 Inventors, scientists and mathematicians - Ойлоп табуучулар, окумуштуулар жана математиктер
Read more

Bruxelas-Capital Índice Historia | Composición | Situación lingüística | Clima | Cidades irmandadas | Notas | Véxase tamén | Menú de navegacióneO uso das linguas en Bruxelas e a situación do neerlandés"Rexión de Bruxelas Capital"o orixinalSitio da rexiónPáxina de Bruselas no sitio da Oficina de Promoción Turística de Valonia e BruxelasMapa Interactivo da Rexión de Bruxelas-CapitaleeWorldCat332144929079854441105155190212ID28008674080552-90000 0001 0666 3698n94104302ID540940339365017018237

Image
AnderlechtCidade de BruxelasIxellesEtterbeekEvereGanshorenJetteKoekelbergAuderghemSchaerbeekBerchem-Sainte-AgatheSaint-GillesMolenbeek-Saint-JeanSaint-Josse-ten-NoodeWoluwe-Saint-LambertWoluwe-Saint-PierreUccleForestWatermaal-Bosvoorde Comunidade Francesa de Bélxica Comunidade Flamenga de Bélxica Comunidade Xermanófona de Bélxica Bruxelas-CapitalRexións de Bélxica francésneerlandésRexiónsBélxicacomunidade francesacomunidade flamengafrancófonaflamengaUnión EuropeaMagrebMarrocosTurquíaAméricaÁfricaRepública Democrática do CongoEuropa central18 de xuño1989FlandresRexión Valoaflamengaséculo XIXClasificación climática de Köppen Bruxelas-Capital Na Galipedia, a Wikipedia en galego. Saltar ata a navegación Saltar á procura Para outras páxinas con títulos homónimos véxase: Bruxelas . Région de Bruxelles-Capitale Brussels Hoofdstedelijk Gewest Bandeira Estado Bélxica Capital Cidade de Bruxelas  • Poboación n/d Lingua oficial As dúas Superficie  • Total 1
Read more

What should I write in an apology letter, since I have decided not to join a company after accepting an offer letterShould I keep looking after accepting a job offer?What should I do when I've been verbally told I would get an offer letter, but still haven't gotten one after 4 weeks?Do I accept an offer from a company that I am not likely to join?New job hasn't confirmed starting date and I want to give current employer as much notice as possibleHow should I address my manager in my resignation letter?HR delayed background verification, now jobless as resignedNo email communication after accepting a formal written offer. How should I phrase the call?What should I do if after receiving a verbal offer letter I am informed that my written job offer is put on hold due to some internal issues?Should I inform the current employer that I am about to resign within 1-2 weeks since I have signed the offer letter and waiting for visa?What company will do, if I send their offer letter to another company

Image
When is the original BFGS algorithm still better than the Limited-Memory version? How well known and how commonly used was Huffman coding in 1979? Inverse-quotes-quine Can the US president have someone sent to jail? Employer wants to use my work email account after I quit, is this legal under German law? Is this a GDPR waiver? Do French speakers not use the subjunctive informally? Low-gravity Bronze Age fortifications Does ultrasonic bath cleaning damage laboratory volumetric glassware calibration? Why do some games show lights shine through walls? Unusual mail headers, evidence of an attempted attack. Have I been pwned? Smooth Julia set for quadratic polynomials Require advice on power conservation for backpacking trip Dimensions of list used in test C-152 carb heat on before landing in hot weather? Is my Rep in Stack-Exchange Form? What happens when your group is victim of a surprise attack but you can't be surprised? How come I was asked by a CBP
Read more