vsFTPd and symbolic links
Posted on May 23rd, 2009 at 18:20, in How To, Linux.
vsFTPd is probably the most secure FTP daemon that exists for *nix operating systems and that is shipped with a number of Linux distributions as the default FTP server. Given the fact that its purpose is offering an FTP daemon implementation with regards to security, there are some limitations.
One of these limitations includes the use of symbolic links. vsFTPd doesn’t allow browsing symbolic link targets as long as their target is outside the user’s chroot. Let’s try the following scenario (based on my router’s configuration):
- we have this folder: /tmp/harddisk/music
- we have the following folder for user: /tmp/harddisk/ftp_pvt/user
- we create a symbolic link inside user‘s folder to point to the music folder:
ln -s /tmp/harddisk/music /tmp/harddisk/ftp_pvt/user/music
It seems like everything is okay. As long as the permissions for the folder music grants access for the right users, everybody following that symbolic link on the system should be able to do whatever he/she is allowed. But when trying to access that folder (following the symbolic link) via vsFTPd, the user will get:
Status: Retrieving directory listing... Command: CWD /disc0_3/ftp_pvt/user/music Response: 550 Failed to change directory. Error: Failed to retrieve directory listing
So, what’s the solution besides the stupid one of copying the directory that you want to be accessed to a place where user has access? Simple. Mount! How? Well, like this:
- create a directory inside user‘s chroot:
- mount the folder you want user to access using the bind option:
mkdir /tmp/harddisk/ftp_pvt/user/music
mount --bind /tmp/harddisk/music /tmp/harddisk/ftp_pvt/user/music
Now you can properly give access to folders and files located outside of a user’s chroot without compromising security using vsFTPd. Any complaints?
Similar Posts:
- VirtualBox USB support
- Securing WordPress from the ground up
- How to install Ubuntu Desktop Edition
- Adobe Reader in Ubuntu
- OpenOffice.org 3, Ubuntu and Romanian fonts
Recent Comments
nick said:
Oh and so you know it’s a working LBP3000 on Ubuntu 9.04 (Jaunty Jackalope) more»
nick said:
OMG. Mate you’re a legend. I’ve spent countless hours/days/years trying to get this LBP3000 to work and your script does... more»
Rutger said:
Fix worked. Thanks! My system info: OpenSuse 11.3 with kernel 2.6.34-12-pae. more»
gabriele vidali said:
testing it on maverick but got problems with cndrvcups-common and cupsys more»
neverstock said:
If you upgrade yahoo tool bar it will fix the no right click problem more»
Badges
 |
 |
 |
Hosted by
© 2009 - 2010 Radu Cotescu. All Rights Reserved.
Think you've got something to say?
For leaving comments including source code or terminal output, please use the the following tags like in the next example:
where you substitutelanguagewith the programming laguage used throught the code example (for terminal output that would be bash), e.g:To see a list of all the supported languages, please check this page.
If you want to include code bits inline, please use the
codetags like in the following example: