[Klug-general] vsFTPd secure homes

MacGyveR macgyver at thedumbterminal.co.uk
Mon Jul 16 22:53:10 BST 2007


On Monday 16 July 2007 22:15, David Halliday wrote:
> This question is for those more familiar with FTP and chroot.
> My set-up at the moment isn't overly security conscious, only me and a
> trusted friend can log in. What I want is for users to log into their
> /home/<username> directory without being able to just browse to
> anywhere on the system at a whim (the default on vsFTPd). This is
> simply achieved by using the following option in the vsftp.conf file:
> chroot_local_user=YES
>
> Now I'm aware that the man page says:
> chroot_local_user
> If set to YES, local users will be (by default) placed in a chroot()
> jail in their home directory after login. Warning:  This option has
> security implications, especially if the users have upload permission,
> or shell access. Only enable if you know what you are doing. Note that
> these security implications are not vsftpd specific. They apply to all
> FTP daemons which offer to put local users in chroot() jails.
>
> Now the FAQ says this:
> Q) Help! What are the security implications referred to in the
> "chroot_local_user" option?
>
> A) Firstly note that other ftp daemons have the same implications. It is a
> generic problem.
> The problem isn't too severe, but it is this: Some people have FTP user
> accounts which are not trusted to have full shell access. If these
> accounts can also upload files, there is a small risk. A bad user now has
> control of the filesystem root, which is their home directory. The ftp
> daemon might cause some config file to be read - e.g. /etc/some_file. With
> chroot(), this file is now under the control of the user. vsftpd is
> careful in this area. But, the system's libc might want to open locale
> config files or other settings...
>
>
> So my question is... Can I allow my users to access their home
> directories and little else with FTP without having some security
> issue?
>
> I can remember my university having something set up with this exact
> behaviour. But surely a university computer science department (with
> some good minds behind it) wouldn't have left itself open to attack?
> So is this security consideration paranoia or is there a way to get
> the result without being at risk?
>
> This isn't a problem in my current set up but I would like to know if
> there is a proper way of doing things for if ever I get into a
> (hopefully high paying) job where I may need to set up secure servers.

You could chroot the daemon and not use the daemon's chroot setting, or even use 
both.

Here is an example:

mkdir -p /jail/home
mv /home/usera /jail/home/
# Link back to the old place just in case you reference it anywhere
ln -s /jail/home/usera /home/usera
# I'm a proftpd user myself so you might have to alter this next line
chroot /jail vsftpd

Make sure you are not running vsftpd as root and your setup should be a bit 
more secure.

On the downside you will need to copy all the files that vsftpd needs to run 
into /jail/....etc.

PS.
Do I sense some humor in your comment about uni security? :-)

-- 
--------------------------------
http://www.thedumbterminal.co.uk
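
Added example (not part of the original thread): a shell check for the risk the quoted FAQ describes. It flags a directory that will become the filesystem root after chroot() if it, or an etc/lib/usr path inside it, is writable or not owned by a trusted UID. The function names, the list of sub-paths and the default trusted UID of 0 are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not from the thread.
# Usage: audit_chroot_root DIR [TRUSTED_UID]   (TRUSTED_UID defaults to 0, root)

# unsafe_path PATH UID -> exit 0 if PATH is not owned by UID or has any write bit
unsafe_path() {
    listing=$(ls -ldn "$1") || return 0
    perms=$(printf '%s\n' "$listing" | cut -c2-10)   # e.g. rwxr-xr-x
    uid=$(printf '%s\n' "$listing" | awk '{print $3}')
    [ "$uid" != "$2" ] && return 0
    case "$perms" in *w*) return 0 ;; esac
    return 1
}

# audit_chroot_root DIR [UID] -> one finding per line; exit status = number of findings
audit_chroot_root() {
    root=$1
    trusted=${2:-0}
    findings=0
    [ -d "$root" ] || { echo "MISSING $root"; return 1; }
    # Whoever can write to the jail root can create etc/, lib/ and so on inside it.
    if unsafe_path "$root" "$trusted"; then
        echo "UNSAFE_ROOT $root"
        findings=$((findings + 1))
    fi
    # After chroot(), /etc/some_file resolves to $root/etc/some_file, so these
    # paths must not be under the FTP user's control. Symlinks are flagged too,
    # because ls reports them with all write bits set.
    for sub in etc lib lib64 usr; do
        [ -e "$root/$sub" ] || [ -L "$root/$sub" ] || continue
        if unsafe_path "$root/$sub" "$trusted"; then
            echo "UNSAFE_SYSTEM_PATH $root/$sub"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}
```

A clean result means a read-only, root-owned jail root, so uploads have to go into a subdirectory that the user owns.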


