James Devine | 1 Apr 2011 16:36

[Proftpd-user] Chrooting virtual users

Another question, I'm using ldap for authentication which maps the
authenticated user's uid, gid and home directory.  These users don't
actually exist on the server though and it sounds like chrooting the
user via 'DefaultRoot ~' tries to map ~ via a system lookup.  Is there
a way to chroot the user based on the home directory returned from
ldap if the user is not a system user?

------------------------------------------------------------------------------
Create and publish websites with WebMatrix
Use the most popular FREE web apps or write code yourself; 
WebMatrix provides all the features you need to develop and 
publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
_______________________________________________
ProFTPD Users List   <proftpd-users <at> proftpd.org>
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html

Nikolaos Milas | 1 Apr 2011 17:15

Re: [Proftpd-user] Chrooting virtual users

On 1/4/2011 5:36 μμ, James Devine wrote:

> Another question, I'm using ldap for authentication which maps the
> authenticated user's uid, gid and home directory.  These users don't
> actually exist on the server though and it sounds like chrooting the
> user via 'DefaultRoot ~' tries to map ~ via a system lookup.  Is there
> a way to chroot the user based on the home directory returned from
> ldap if the user is not a system user?
>

Actually, "DefaultRoot ~" chroots virtual users to the home dir returned 
from ldap.

Nick.

Attachment (smime.p7s): application/pkcs7-signature, 5632 bytes
James Devine | 1 Apr 2011 17:30

Re: [Proftpd-user] Chrooting virtual users

Hmm, well currently it's not logging me in when I try to chroot and
I'm seeing the following in the logs:

notice: unable to use '~/' [resolved to '']: No such file or directory
Preparing to chroot to directory '~/'
chroot to '~/' failed for user 'id56001005': No such file or directory
error: unable to set default root directory

mod_ldap is showing that it mapped the homedir:

mod_ldap/2.8.20-20090124: user id56001005, uid 56001005, gid 556,
homedir /home/ldap5, shell

Am I doing something incorrectly then?

On Fri, Apr 1, 2011 at 9:15 AM, Nikolaos Milas <nmilas <at> noa.gr> wrote:
> On 1/4/2011 5:36 μμ, James Devine wrote:
>
>> Another question, I'm using ldap for authentication which maps the
>> authenticated user's uid, gid and home directory.  These users don't
>> actually exist on the server though and it sounds like chrooting the
>> user via 'DefaultRoot ~' tries to map ~ via a system lookup.  Is there
>> a way to chroot the user based on the home directory returned from
>> ldap if the user is not a system user?
>>
>
> Actually, "DefaultRoot ~" chroots virtual users to the home dir returned
> from ldap.
>
> Nick.

TJ Saunders | 1 Apr 2011 17:37

Re: [Proftpd-user] Chrooting virtual users


> mod_ldap is showing that it mapped the homedir:
> 
> mod_ldap/2.8.20-20090124: user id56001005, uid 56001005, gid 556,
> homedir /home/ldap5, shell
> 
> Am I doing something incorrectly then?

What are the permissions on /home and /home/ldap5, respectively?  Use 'ls 
-aln', since that will show the ownership in numeric IDs (rather than 
mapping the IDs to names using /etc/passwd which, in your case, would show 
the wrong/misleading names).

TJ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   The true science and study of man is man.

   	-Pierre Charron

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

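The check TJ asks for, scripted, as an added example that is not part of the thread and not ProFTPD's own code: `check_chroot_target DIR UID GID` walks every path component from / down to DIR and prints owner, group and mode in numeric IDs only (the reason for `ls -aln`: the names /etc/passwd would print are meaningless for IDs that exist only in LDAP), flagging any component that a session running as UID:GID could not search. The function names, the GNU `stat -c` format and the exit codes are this example's own choices; it assumes DIR is absolute and contains no whitespace.

```shell
#!/bin/sh
# Added example, not from the thread or from ProFTPD.
# check_chroot_target DIR UID GID: report, in numeric IDs only, whether a
# session running as UID:GID could search every path component from / to DIR.
# Assumes GNU stat(1) ('-c %u %g %a'); on BSD/macOS use 'stat -f "%u %g %Lp"'.

# Check one directory; exit 0 if UID:GID has the search (x) bit on it.
check_one() {
  p=$1; u=$2; g=$3
  info=$(stat -c '%u %g %a' "$p" 2>/dev/null) || {
    echo "MISSING  $p  (stat failed)"; return 1; }
  set -- $info
  owner=$1; group=$2; mode=$3
  # Zero-pad, then keep the last three octal digits (drops setuid/setgid/sticky).
  mode=$(printf '%04d' "$mode" | sed 's/^.*\(...\)$/\1/')
  if [ "$u" -eq "$owner" ]; then
    who=owner; bits=${mode%??}                        # first digit
  elif [ "$g" -eq "$group" ]; then
    who=group; bits=$(printf '%s' "$mode" | cut -c2)  # middle digit
  else
    who=other; bits=${mode#??}                        # last digit
  fi
  case $bits in
    1|3|5|7) echo "ok       $p  uid=$owner gid=$group mode=$mode (searchable as $who)" ;;
    *)       echo "BLOCKED  $p  uid=$owner gid=$group mode=$mode (no search bit for $who)"
             return 1 ;;
  esac
}

# Expand DIR into "/ /home /home/ldap5 ..." and check each component in turn;
# exit 1 if any component is missing or not searchable by UID:GID.
check_chroot_target() {
  dir=$1; uid=$2; gid=$3; rc=0
  [ -d "$dir" ] || { echo "MISSING  $dir is not a directory"; return 1; }
  paths=/
  path=""
  old_ifs=$IFS; IFS=/
  for comp in $dir; do
    [ -n "$comp" ] || continue
    path="$path/$comp"
    paths="$paths $path"
  done
  IFS=$old_ifs
  for p in $paths; do
    check_one "$p" "$uid" "$gid" || rc=1
  done
  return $rc
}

# Usage for the case in the thread, with the uid/gid mod_ldap reported:
#   check_chroot_target /home/ldap5 56001005 556
```

With the listing James posts later in the thread (/home 755 root:root, /home/ldap5 755 56001005:556) every component reports ok, which is consistent with the fault turning out to lie elsewhere; the check covers only the classic mode bits, not POSIX ACLs or mount options.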

James Devine | 1 Apr 2011 17:52

Re: [Proftpd-user] Chrooting virtual users

root <at> dev-web1:~> ls -la /home/ldap5/
total 8
drwxr-xr-x 2 56001005  556 4096 2011-03-30 16:31 .
drwxr-xr-x 3 root     root 4096 2011-03-30 16:31 ..

On Fri, Apr 1, 2011 at 9:37 AM, TJ Saunders <tj <at> castaglia.org> wrote:
>
>> mod_ldap is showing that it mapped the homedir:
>>
>> mod_ldap/2.8.20-20090124: user id56001005, uid 56001005, gid 556,
>> homedir /home/ldap5, shell
>>
>> Am I doing something incorrectly then?
>
> What are the permissions on /home and /home/ldap5, respectively?  Use 'ls
> -aln', since that will show the ownership in numeric IDs (rather than
> mapping the IDs to names using /etc/passwd which, in your case, would show
> the wrong/misleading names).
>
> TJ
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>   The true science and study of man is man.
>
>        -Pierre Charron
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>

James Devine | 1 Apr 2011 17:54

Re: [Proftpd-user] Chrooting virtual users

-aln shows the same thing, uid and gid are unresolvable

On Fri, Apr 1, 2011 at 9:52 AM, James Devine <fxmulder <at> gmail.com> wrote:
> root <at> dev-web1:~> ls -la /home/ldap5/
> total 8
> drwxr-xr-x 2 56001005  556 4096 2011-03-30 16:31 .
> drwxr-xr-x 3 root     root 4096 2011-03-30 16:31 ..
>
>
>
> On Fri, Apr 1, 2011 at 9:37 AM, TJ Saunders <tj <at> castaglia.org> wrote:
>>
>>> mod_ldap is showing that it mapped the homedir:
>>>
>>> mod_ldap/2.8.20-20090124: user id56001005, uid 56001005, gid 556,
>>> homedir /home/ldap5, shell
>>>
>>> Am I doing something incorrectly then?
>>
>> What are the permissions on /home and /home/ldap5, respectively?  Use 'ls
>> -aln', since that will show the ownership in numeric IDs (rather than
>> mapping the IDs to names using /etc/passwd which, in your case, would show
>> the wrong/misleading names).
>>
>> TJ
>>
>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>>
>>   The true science and study of man is man.
>>

TJ Saunders | 1 Apr 2011 20:18

[Proftpd-user] ProFTPD 1.3.4rc2 released!


Hello, ProFTPD community. The ProFTPD Project team is pleased to
announce that the second release candidate for ProFTPD 1.3.4 is now
available for public consumption.

You can download 1.3.4rc2, including PGP signatures and MD5 sums,
from any of the proftpd mirrors.  Mirrors are available via FTP as:

  ftp.<two_letter_iso_country_code>.proftpd.org

(example: ftp.nl.proftpd.org).  Not all countries have mirrors; however
you should select one that is geographically close to you.

Alternatively, you can download proftpd from the main site:

  ftp://ftp.proftpd.org/distrib/source

RPMs, once available, will be placed here:

  ftp://ftp.proftpd.org/distrib/packages/RPMS

The 1.3.4rc2 release includes major new features and numerous bugfixes.
These include memcache support, PCRE support, and performance improvements
(especially during server startup/restart).  Please read the included
NEWS, RELEASE_NOTES, and ChangeLog files for the full details.

The MD5 sums for the source tarballs are:

  4a10b451949bfb190f47f2759e87b0b9  proftpd-1.3.4rc2.tar.bz2
  352a4cfc93177eafeabe6a144a0335c7  proftpd-1.3.4rc2.tar.gz

TJ Saunders | 1 Apr 2011 20:19

[Proftpd-user] ProFTPD 1.3.3e released!


Hello, ProFTPD community. The ProFTPD Project team is pleased to announce
that the fifth maintenance release for ProFTPD 1.3.3 is now available for
public consumption.

You can download 1.3.3e, including PGP signatures and MD5 sums, from any
of the proftpd mirrors.  Mirrors are available via FTP as:

  ftp.<two_letter_iso_country_code>.proftpd.org

(example: ftp.nl.proftpd.org).  Not all countries have mirrors; however
you should select one that is geographically close to you.

Alternatively, you can download proftpd from the main site:

  ftp://ftp.proftpd.org/distrib/source

RPMs, once available, will be placed here:

  ftp://ftp.proftpd.org/distrib/packages/RPMS

The 1.3.3e release is a maintenance and security release.  It contains
fixes for plaintext command injection in FTPS (Bug#3624), bad SSH
messages which can lead to DoS (Bug#3586), and other bugfixes.

Please read the included NEWS, RELEASE_NOTES, and ChangeLog files for
the full details.

The MD5 sums for the source tarballs are:


TJ Saunders | 1 Apr 2011 22:36

Re: [Proftpd-user] Chrooting virtual users


> -aln shows the same thing, uid and gid are unresolvable
> 
> On Fri, Apr 1, 2011 at 9:52 AM, James Devine <fxmulder <at> gmail.com> wrote:
> > root <at> dev-web1:~> ls -la /home/ldap5/
> > total 8
> > drwxr-xr-x 2 56001005  556 4096 2011-03-30 16:31 .
> > drwxr-xr-x 3 root     root 4096 2011-03-30 16:31 ..

OK.  And what's the User/Group directive in your proftpd.conf (the names); 
what IDs do they resolve to?

TJ

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

   A man said to the Universe: "Sir, I exist!"

   "However," replied the Universe, "the fact has not created in
   me a sense of obligation."

   	-Stephen Crane

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

James Devine | 1 Apr 2011 22:51

Re: [Proftpd-user] Chrooting virtual users

I got it. The problem was that when it was grabbing the homedir it was
using the value returned by uid 'id56001005', but it was looking for it
in the wrong attribute. I mapped uid to the correct attribute and it
works now.

On Fri, Apr 1, 2011 at 2:36 PM, TJ Saunders <tj <at> castaglia.org> wrote:
>
>> -aln shows the same thing, uid and gid are unresolvable
>>
>> On Fri, Apr 1, 2011 at 9:52 AM, James Devine <fxmulder <at> gmail.com> wrote:
>> > root <at> dev-web1:~> ls -la /home/ldap5/
>> > total 8
>> > drwxr-xr-x 2 56001005  556 4096 2011-03-30 16:31 .
>> > drwxr-xr-x 3 root     root 4096 2011-03-30 16:31 ..
>
> OK.  And what's the User/Group directive in your proftpd.conf (the names);
> what IDs do they resolve to?
>
> TJ
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>   A man said to the Universe: "Sir, I exist!"
>
>   "However," replied the Universe, "the fact has not created in
>   me a sense of obligation."
>
>        -Stephen Crane
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
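A cross-check of the two log facts this thread turns on, as an added example that is neither from the thread nor from ProFTPD: the homedir mod_ldap reports having mapped for the user, and the directory DefaultRoot actually resolved '~/' to. When the first is a path and the second is empty, as in the logs James posted, the home directory is not reaching the chroot step, which is what a wrong attribute mapping (James's eventual fix) looks like from the log side. The sample log lines are constructed from the excerpts quoted in the thread; the function names, the `RESOLVED=` marker and the exit codes are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread or from ProFTPD. Compares the homedir
# mod_ldap says it mapped against what DefaultRoot resolved '~/' to.

# Constructed sample log, assembled from the lines quoted in the thread.
sample_log() {
cat <<'EOF'
notice: unable to use '~/' [resolved to '']: No such file or directory
Preparing to chroot to directory '~/'
chroot to '~/' failed for user 'id56001005': No such file or directory
error: unable to set default root directory
mod_ldap/2.8.20-20090124: user id56001005, uid 56001005, gid 556, homedir /home/ldap5, shell
EOF
}

# Homedir mod_ldap reported for user $1 (stdin = log); prints nothing if absent.
ldap_homedir() {
  sed -n "s/^mod_ldap[^:]*: user $1, .*homedir \([^,]*\),.*/\1/p"
}

# What DefaultRoot resolved '~/' to, printed as RESOLVED=<value> so that
# "resolved to ''" can be told apart from "no such notice in the log".
resolved_root() {
  sed -n "s/^notice: unable to use '~\/' \[resolved to '\([^']*\)'].*/RESOLVED=\1/p"
}

# diagnose USER < log
#   exit 0: consistent (or DefaultRoot raised no complaint)
#   exit 1: DefaultRoot resolved '~/' to something other than mod_ldap's homedir
#   exit 2: mod_ldap logged no homedir for USER at all
diagnose() {
  user=$1
  log=$(cat)
  home=$(printf '%s\n' "$log" | ldap_homedir "$user")
  res=$(printf '%s\n' "$log" | resolved_root)
  if [ -z "$home" ]; then
    echo "mod_ldap logged no homedir for '$user': the user lookup itself failed"
    return 2
  fi
  case $res in
    "")
      echo "mod_ldap homedir for '$user' is $home; DefaultRoot raised no complaint"
      return 0 ;;
    "RESOLVED=$home")
      echo "consistent: '~/' resolved to $home"
      return 0 ;;
    RESOLVED=)
      echo "mismatch: mod_ldap returned $home but DefaultRoot resolved '~/' to nothing;" \
           "the homedir is not reaching the chroot step (check which LDAP attribute" \
           "the homedir lookup for this uid reads)"
      return 1 ;;
    *)
      echo "mismatch: mod_ldap returned $home but DefaultRoot resolved '~/' to ${res#RESOLVED=}"
      return 1 ;;
  esac
}

# Usage against the constructed sample (exit status 1 for the thread's case):
#   sample_log | diagnose id56001005
```

The patterns anchor at the start of the line exactly as the excerpts appear in the thread; a live proftpd log carries a timestamp and process prefix in front of each message, so strip that prefix first (or drop the leading `^`) before feeding `diagnose` a real log.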

