Best practice vsftpd writable root inside chroot()

To: debian-user@lists.debian.org
Subject: Best practice vsftpd writable root inside chroot()
From: Maik Stubbe <lupus@stubbi.org>
Date: Thu, 8 Aug 2013 10:30:32 +0200
Message-id: <[🔎] 20130808083032.GD7632@stubbi.org>

Hi,

I just came accross this new security feature of vsftpd whith which you cannot have your $HOME writable for a chrooted user.

Since this ftp server is a public accessable server with ~60 users and partial nested homedirs, there is no chance that there is no writable homedirectory. Another big point is, the directory structure increased over years. So there is even no possibility to change it and give users an writable directory inside their $HOME.

So what is the best practice to avoid security problems?

1. Using no ftp -> no chance
2. Avoid using chroot is in my opinion a bad idea on a public accessable ftpd.
3. Compiling vsftpd >3.0 from source and using allow_writeable_chroot=YES: This would lead in using non Debian packages and watching them seperatly.
4. Using packages from Jessie: My preffered choice. But how to control security updates?

Any suggestions from your side?


Regards

Reply to:

Follow-Ups:
- Re: Best practice vsftpd writable root inside chroot()
  - From: Bob Proulx <bob@proulx.com>

Prev by Date: Re: battery
Next by Date: Re: battery
Previous by thread: Re: battery
Next by thread: Re: Best practice vsftpd writable root inside chroot()
Index(es):
- Date
- Thread