
Re: Best practice vsftpd writable root inside chroot()



Maik Stubbe wrote:
> I just came across this new security feature of vsftpd with which
> you cannot have your $HOME writable for a chrooted user.

If the chroot file system is writable then that has the same security
issues as a writable root filesystem.  Which is to say it has no
security.  Simply write your own /etc/passwd and other files into it
and then you have root on the system.

> Since this ftp server is a publicly accessible server with ~60 users
> and partial nested homedirs, there is no chance that there is no
> writable homedirectory. Another big point is, the directory
> structure increased over years. So there is even no possibility to
> change it and give users a writable directory inside their $HOME.

Sounds important.  Sounds very constrained.  If you have no degrees of
freedom then you probably can't do it. :-(

> So what is the best practice to avoid security problems?

Use sftp instead of ftp.  Use http for downloading instead of ftp.

> 1. Using no ftp -> no chance

You didn't say but are you using ftp for upload access?  Since ftp
sends passwords in the clear it is unsuitable in these days of a
hostile Internet for any purpose other than anonymous downloading.

> 2. Avoid using chroot is in my opinion a bad idea on a publicly
>    accessible ftpd.

But you are already using ftp.  Talking about security at that point
is like putting a heavy duty lock on a screen door.  No matter how
good the lock it is still a screen door and won't stop anyone who
wants to run through it.

> 3. Compiling vsftpd >3.0 from source and using
>    allow_writeable_chroot=YES: This would lead in using non Debian
>    packages and watching them separately.

Use a Debian watch file.  See the 'uscan' program for details.  But
you can have it automatically notify you when new versions arrive.

> 4. Using packages from Jessie: My preferred choice. But how to
>    control security updates?

Does the Jessie vsftpd allow writable chroots?  Sounds like a bug to
be filed to me.

> Any suggestions from your side?

Use sftp upload instead.  All operating systems support it in various ways.
Use http download instead.  All operating systems easily support it.

Bob
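
An added example, not part of the original message: a shell audit for the writable-chroot condition discussed above. It applies the strict rule that OpenSSH's ChrootDirectory enforces for sftp (root-owned, no group or other write bit). The function names are hypothetical, GNU stat is assumed, and ACLs are not inspected.

```shell
#!/bin/sh
# Audit directories intended as chroot roots (ftp or sftp).
# A chroot root the confined user can write to lets that user plant
# files such as etc/passwd inside it, so it must be owned by a trusted
# account and must not be group- or world-writable.

# chroot_root_status DIR [OWNER_UID]
# Prints one of: ok, missing, wrong-owner, writable.
# Returns 0 only for "ok". OWNER_UID defaults to 0 (root).
chroot_root_status() {
    dir=$1
    want_uid=${2:-0}
    if [ ! -d "$dir" ]; then
        echo missing
        return 1
    fi
    # GNU stat: %u = owner uid, %a = octal mode; -L follows symlinks
    set -- $(stat -L -c '%u %a' -- "$dir")
    uid=$1
    mode=$2
    if [ "$uid" != "$want_uid" ]; then
        echo wrong-owner
        return 1
    fi
    # 022 masks the group-write and other-write bits
    if [ $(( 0$mode & 022 )) -ne 0 ]; then
        echo writable
        return 1
    fi
    echo ok
}

# audit_chroot_roots OWNER_UID DIR...
# Prints one status line per directory; returns 1 if any is not "ok".
audit_chroot_roots() {
    owner=$1
    shift
    rc=0
    for d in "$@"; do
        s=$(chroot_root_status "$d" "$owner") || rc=1
        printf '%-12s %s\n' "$s" "$d"
    done
    return $rc
}

# Example call (paths are placeholders): audit_chroot_roots 0 /home/*
```

A directory that reports "wrong-owner" or "writable" is one vsftpd would need allow_writeable_chroot=YES for, and one sshd would refuse as a ChrootDirectory.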
