Disable caged FTP accounts

Protected

Currently I have an account with several virtual FTP sub-accounts, pointing to ~/ftp/userA/ , ~/ftp/userB/, etc. Some users have, inside their FTP root folder, symbolic links to directories outside it, for instance, ~/someFolder/ or ~/domains/abcd.com/public_html/someOtherFolder/ . However, these links do not work when connecting to the corresponding virtual FTP accounts. This arrangement used to work on our old server. Is there anything I can do to make it work in DirectAdmin? I'm the server owner, so I can make any system-level changes needed.
 
It looks like I need pure-ftpd's virtual chroot option. I add my voice to that of those who think DirectAdmin should include pure-ftpd =)
 
Hello,

Proftpd chroots all accounts. This is a security feature; most of us consider chrooted accounts a good thing ;)

If you need ftp accounts to somewhere else on your system, then you need to create another ftp account and set the path of that account to point to where it needs to go. (even if you need to manually set it in /etc/proftpd.passwd).

John
 
I want virtual chrooting - chrooting that can be bypassed by symbolic links (symbolic links are treated as normal directories by the daemon). I have pure-ftpd on another port now, so no problem, but it really would be useful if there was built-in support for this.
 
I knew that one. What I want is to have chroot ENABLED, but symbolic links working as directories for users using the ftp. So I can make folders that are shared between multiple users, or dynamically insert the folder of one user inside that of the other, while the actual directory in the server remains in the same place.

Real structure:

~/ftp/user1
~/ftp/user2
~/ftp/admin
~/monkey
~/potato

cd ~/ftp/user1
ln -s "/home/me/monkey" "Monkey folder"
cd ~/ftp/user2
ln -s "/home/me/potato" "Potato folder"
cd ~/ftp/admin
ln -s "/home/me/ftp/user1" "User 1 root"
ln -s "/home/me/ftp/user2" "User 2 root"

When I connect to user1, I see the link "Monkey Folder", and I can CWD it. pure-ftpd will tell me I'm in /Monkey Folder.

If I connect to admin, I can CWD User 1 root and then CWD Monkey Folder. pure-ftpd will tell me I'm in /User 1 root/Monkey folder.

As you see, users are still chrooted, but they're in a "virtual" filesystem handled by the daemon. This is very flexible and very useful for large private FTPs. Since this is a system for virtual accounts only (you're still restricted to the parent Linux user's "real" account root, so you can't follow a symlink to the outside) it has the other benefits of pure-ftpd's virtual account system - the support for quotas, bw and space usage restrictions, which works even in the shared folders - pure-ftpd just keeps track of your limits in its own internal database instead of measuring directory usages (I don't know if proftpd does this or not, but that's beside the point :p).

For this to work you need to configure pure-ftpd --with-virtual-chroot (or something like that).

proftpd doesn't seem to allow CWDing symbolic links at all :-/ Even if it's a Linux user trying to use the link and chroot is disabled.
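
A check an administrator could run before turning on virtual chroot, added here as an example and not part of the thread: it lists every symlink under an FTP root and reports whether its target stays inside the chroot, stays inside the account's home, or leaves it. The function names and the demo layout (modelled on the post above, plus two constructed links) are assumptions made for illustration.

```python
import os
import tempfile

def is_within(path, base):
    """True if path is base itself or lies beneath it (both already resolved)."""
    return os.path.commonpath([path, base]) == base

def classify_links(ftp_root, account_home):
    """Classify every symlink under ftp_root by where its target resolves.

    inside-chroot: target stays under ftp_root, works in a real chroot
    inside-home:   leaves ftp_root but stays in account_home; a real chroot
                   breaks it, a virtual chroot would expose it
    outside-home:  leaves account_home; review before exposing over FTP
    dangling:      target does not exist
    """
    root = os.path.realpath(ftp_root)
    home = os.path.realpath(account_home)
    found = {}
    for dirpath, dirnames, filenames in os.walk(root):  # does not descend into links
        for name in dirnames + filenames:
            link = os.path.join(dirpath, name)
            if not os.path.islink(link):
                continue
            target = os.path.realpath(link)
            if not os.path.exists(target):
                verdict = "dangling"
            elif is_within(target, root):
                verdict = "inside-chroot"
            elif is_within(target, home):
                verdict = "inside-home"
            else:
                verdict = "outside-home"
            found[os.path.relpath(link, root)] = verdict
    return found

def build_demo(base):
    """Constructed layout modelled on the post: base plays the role of /home/me."""
    for d in ("ftp/user1", "ftp/admin", "monkey"):
        os.makedirs(os.path.join(base, d))
    os.symlink(os.path.join(base, "monkey"), os.path.join(base, "ftp/user1/Monkey folder"))
    os.symlink(os.path.join(base, "ftp/user1"), os.path.join(base, "ftp/admin/User 1 root"))
    os.symlink("/", os.path.join(base, "ftp/user1/fs root"))            # leaves the home
    os.symlink("notes.txt", os.path.join(base, "ftp/user1/old notes"))  # dangling

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:
        build_demo(home)
        for account in ("user1", "admin"):
            print(account, classify_links(os.path.join(home, "ftp", account), home))
```

Links reported as inside-home are the ones a real chroot breaks; anything reported as outside-home deserves a look before a daemon that follows symlinks is pointed at that root.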
 