Bug 198672

Summary: Home directory is accessed even if local_root is given
Product: [Fedora] Fedora
Reporter: Jason Tibbitts <j>
Component: vsftpd
Assignee: Maros Barabas <mbarabas>
Status: CLOSED NOTABUG
QA Contact: Mike McLean <mikem>
Severity: medium
Priority: medium
Version: 5
Hardware: All   
OS: Linux   
Doc Type: Bug Fix
Last Closed: 2006-08-02 14:47:11 UTC

Description Jason Tibbitts 2006-07-12 17:30:43 UTC
I'm running into a problem with vsftpd which could be considered a bug depending
on how you look at things.  Since it's Fedora and SELinux-related, I thought I'd
bring it up here before bothering the overburdened upstream maintainer.

The base issue is that I have regular users with FTP access but they don't get
access to their home directories.  Instead, I use local_root and user_sub_token
to restrict them into a specific FTP directory.  (The value of chroot_local_user
does not affect the outcome here.)  I have SELinux on and configured so that
the FTP daemon has no access to user home directories, since it doesn't need it
in this configuration.

Unfortunately when a user logs in, vsftpd will first chdir to their home
directory and then immediately chdir to the place defined by local_root.  It
doesn't do anything in their home directory, and looking there is completely
pointless.  It is also forbidden by SELinux, and so the FTP session aborts at login.

If I hack the source to not fail when the needless chdir happens, everything
works fine.  Unfortunately I haven't investigated the impact of this change on
other configurations so I can't suggest a patch at this time.
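
To confirm that a login abort like the one described above comes from SELinux blocking the daemon's chdir into the home directory, the audit log can be checked for denied `search` access on a home directory by the FTP daemon's domain. This is an added example, not part of the original report or of vsftpd; it assumes the targeted policy's `ftpd_t`, `user_home_dir_t` and `user_home_t` type names, and the log lines are constructed.

```python
import re

# Constructed audit.log lines for illustration (not taken from the bug report).
SAMPLE_AUDIT_LOG = """\
type=USER_AUTH msg=audit(1152725443.050:455): user pid=2345 uid=0 msg='PAM: authentication acct=jdoe : exe="/usr/sbin/vsftpd" res=success'
type=AVC msg=audit(1152725443.101:456): avc:  denied  { search } for  pid=2345 comm="vsftpd" name="jdoe" dev=dm-0 ino=131073 scontext=system_u:system_r:ftpd_t:s0 tcontext=user_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1152725450.220:457): avc:  denied  { read } for  pid=2501 comm="httpd" name="index.html" dev=dm-0 ino=99 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1152725500.007:460): avc:  denied  { search getattr } for  pid=2610 comm="vsftpd" name="asmith" dev=dm-0 ino=131090 scontext=system_u:system_r:ftpd_t:s0 tcontext=user_u:object_r:user_home_dir_t:s0 tclass=dir
"""

AVC_RE = re.compile(
    r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}.*?'
    r'comm="(?P<comm>[^"]+)".*?name="(?P<name>[^"]+)".*?'
    r'scontext=(?P<scon>\S+)\s+tcontext=(?P<tcon>\S+)\s+tclass=(?P<tclass>\S+)'
)

# Assumed type names from the targeted policy.
FTPD_DOMAIN = "ftpd_t"
HOME_TYPES = {"user_home_dir_t", "user_home_t"}


def selinux_type(context):
    """Return the type field of a user:role:type[:level] security context."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else ""


def ftpd_home_denials(log_text):
    """Find AVC denials where the FTP daemon was refused 'search' on a home dir.

    chdir() into a directory needs 'search' on it, so these records match the
    home-directory chdir that happens before the chdir to local_root.
    """
    hits = []
    for line in log_text.splitlines():
        m = AVC_RE.search(line) if line.startswith("type=AVC") else None
        if not m:
            continue
        perms = set(m.group("perms").split())
        if (selinux_type(m.group("scon")) == FTPD_DOMAIN
                and selinux_type(m.group("tcon")) in HOME_TYPES
                and m.group("tclass") == "dir" and "search" in perms):
            hits.append({"comm": m.group("comm"), "dir": m.group("name"),
                         "perms": sorted(perms)})
    return hits


if __name__ == "__main__":
    for hit in ftpd_home_denials(SAMPLE_AUDIT_LOG):
        print(hit)
```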

Comment 1 Maros Barabas 2006-08-02 14:46:15 UTC
I use this configuration:

anonymous_enable=NO
local_enable=YES
guest_enable=YES
write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
pam_service_name=vsftpd
listen=YES
chmod_enable=NO

SELinux option "Allow read/write files in the user home directories" is set to NO.

Everything is working fine.

Option "local_root" represents a directory which vsftpd will try to change into
after a local login!!

My configuration uses the implicit anonymous directory "/var/ftp". You can
change this with the option "anon_root".