Bug 265561

Summary: does not respect chroot when in ssl mode
Product: [Fedora] Fedora
Reporter: Stephanos Manos <stefmanos>
Component: vsftpd
Assignee: Maros Barabas <mbarabas>
Status: CLOSED NOTABUG
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: high
Priority: medium    
Version: 7   
Hardware: All   
OS: All   
Last Closed: 2007-09-21 19:38:06 UTC

Description Stephanos Manos 2007-08-29 21:36:19 UTC
Description of problem:
When configuring vsftpd with ssl support it does not honor the chroot settings.
It always goes to the user's home dir regardless of the settings and the user can
cd to any place in the system

Version-Release number of selected component (if applicable):
vsftpd-2.0.5-16.fc7

How reproducible:
Always in ssl mode

Steps to Reproduce:
1. Install vsftpd
2. enable ssl
3. connect to the server
4. cd ..
  
Actual results:
The user is always in his home dir and can cd wherever he wants on the server

Expected results:
Depending on the settings 
1. if configured with chroot then the ability to move outside the home dir to be
disabled
2. if configured without chroot to be in /var/ftp

Additional info:
My vsftpd.conf

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
#
ftpd_banner=Welcome to my vsVTPd Server
chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
banner_file=/etc/vsftpd/welcome.banner
anon_umask=077
pasv_enable=YES
local_root=/var/ftp
anon_max_rate=10485760
local_max_rate=0
max_clients=5
max_per_ip=1

#SSL Settings
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES

ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO

rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem

Comment 1 Maros Barabas 2007-08-30 13:56:59 UTC
Beware, everyone in the file /etc/vsftpd/chroot_list has permission to cd
everywhere.

Try to use chroot without SSL enabled and after that enable it.

I can't reproduce this.
Thanks
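
Added example (not part of the original report and not vsftpd's own code): a small Python check that works out which local users end up outside the chroot jail for a given vsftpd.conf, following the interaction between chroot_local_user and chroot_list_enable that Comment 1 warns about. The user names and list contents are constructed, and the boolean parsing is a simplifying assumption.

```python
def parse_conf(text):
    """Parse vsftpd.conf text: 'key=value' lines; lines starting with '#' are comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip()] = value.strip()
    return opts


def as_bool(opts, key, default=False):
    # Assumption for this example: only YES (any case) counts as enabled.
    value = opts.get(key)
    return default if value is None else value.upper() == "YES"


def is_chrooted(opts, user, listed_users):
    """Return True if local user `user` is jailed after login.

    listed_users: names read from chroot_list_file (one per line).
    """
    chroot_all = as_bool(opts, "chroot_local_user")
    use_list = as_bool(opts, "chroot_list_enable")
    in_list = use_list and user in listed_users
    # chroot_local_user=YES: the list names the exceptions (NOT jailed).
    # chroot_local_user=NO:  the list names the users that ARE jailed.
    return chroot_all != in_list


def unjailed_users(opts, local_users, listed_users):
    """Sorted names of local users who can leave their login directory."""
    return sorted(u for u in local_users if not is_chrooted(opts, u, listed_users))


# Constructed sample: the chroot-related lines from the report's config.
SAMPLE_CONF = """\
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
local_root=/var/ftp
"""
SAMPLE_LIST = {"alice"}          # hypothetical contents of chroot_list
SAMPLE_USERS = ["alice", "bob"]  # hypothetical local accounts

if __name__ == "__main__":
    opts = parse_conf(SAMPLE_CONF)
    print("not chrooted:", unjailed_users(opts, SAMPLE_USERS, SAMPLE_LIST))
```

With the reported settings, any account named in chroot_list is the one that can roam the filesystem, so an audit should start by reading that file.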

Comment 2 Stephanos Manos 2007-09-21 19:38:06 UTC
After fixing the iptables for correct external access (lo rules) and forcing
vsftp to use a specific port for pasv the problem is solved.
VSFTP actually respects the chroot.

So apologies for the noise.