Bug 1507143

Summary: Please add documentation for the allow_writeable_chroot configuration option to vsftpd.conf man page.
Product: Red Hat Enterprise Linux 7 Reporter: Thomas Gardner <thgardne>
Component: man-pages-overridesAssignee: Nikola Forró <nforro>
Status: CLOSED ERRATA QA Contact: David Jež <djez>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.5CC: djez, nforro, olysonek, ovasik
Target Milestone: rcKeywords: ManPageChange, Patch
Target Release: 7.5   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: man-pages-overrides-7.5.0-1.el7 Doc Type: Bug Fix
Doc Text:
Cause: New configuration option allow_writeable_chroot was added to vsftpd, but it haven't been added to the vsftpd.conf.5 man page. Consequence: Missing documentation for the new option. Fix: Documentation for the new option was added to the vsftpd.conf.5 man page. Result: allow_writeable_chroot configuration option is now documented in the vsftpd.conf.5 man page.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-10 18:11:59 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1420851, 1508022    
Attachments:
Description Flags
patch none

Description Thomas Gardner 2017-10-27 19:55:37 UTC 
Description of problem:

The subject pretty much says it all.  A new configuration option (allow_writeable_chroot) was added to vsftpd, but it doesn't seem to have been added to the vsftpd.conf man page.  I've searched high and low, and I can find no indication that this was done intentionally to somehow try to hide it as a "dangerous" option to be used only by people who really know what they're doing or anything like that.  In fact a quick Googling around of the error message that results from the condition this new option was meant to address turns up several times "use allow_writeable_chroot=YES to fix it" with very little said about the security implications of doing so.

It seems that if there are security concerns using this option, it would be wise to go ahead and document this option in the man page, and spell out whatever security concerns in there may be, and propose alternate solutions to the problem, so the user can make an informed decision for themselves if they really want to turn it on or not from official documentation, instead of having to rely on "do this" from "some guy on the interwebs"...
Comment 1 Ondřej Lysoněk 2017-10-31 15:20:44 UTC 
Created attachment 1345978 [details]
patch
Comment 10 errata-xmlrpc 2018-04-10 18:11:59 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0965