Red Hat Bugzilla – Bug 198672
Home directory is accessed even if local_root is given
Last modified: 2007-11-30 17:11:37 EST
I'm running into a problem with vsftpd which could be considered a bug depending
on how you look at things. Since it's Fedora and selinux related, I thought I'd
bring it up here before bothering the overburdened upstream maintainer.

The base issue is that I have regular users with FTP access but they don't get
access to their home directories. Instead, I use local_root and user_sub_token
to restrict them into a specific FTP directory. (The value of chroot_local_user
does not affect the outcome here.) I have selinux on and configured so that
the FTP daemon has no access to user home directories, since it doesn't need it
in this configuration.

Unfortunately when a user logs in, vsftpd will first chdir to their home
directory and then immediately chdir to the place defined by local_root. It
doesn't do anything in their home directory, and looking there is completely
pointless. It is also forbidden by selinux, and so the FTP session aborts at login.

If I hack the source to not fail when the needless chdir happens, everything
works fine. Unfortunately I haven't investigated the impact of this change on
other configurations so I can't suggest a patch at this time.
I use this configuration:
Selinux option "Allow read/write files in the user home directories" is set to NO
Everything is working fine.

Option "local_root" represents a directory which vsftpd will try to change into
after a local login!!

My configuration uses the implicit anonymous directory "/var/ftp". You can
change this with the option "anon_root".
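
An added example, not part of the bug report or of vsftpd: a Python check an administrator could run over the audit log to confirm that a failed FTP login matches the report, that is, SELinux denying the FTP daemon directory access to a user home directory. The log lines are constructed, and the type names `ftpd_t`, `user_home_dir_t` and `user_home_t` are assumed from the targeted policy.

```python
import re

# Constructed sample audit records (not taken from the bug report).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1152720000.101:310): avc:  denied  { search } for  pid=2411 comm="vsftpd" name="alice" dev=dm-0 ino=98311 scontext=system_u:system_r:ftpd_t:s0 tcontext=user_u:object_r:user_home_dir_t:s0 tclass=dir
type=AVC msg=audit(1152720005.417:311): avc:  denied  { read } for  pid=2500 comm="httpd" name="index.html" dev=dm-0 ino=77120 scontext=system_u:system_r:httpd_t:s0 tcontext=user_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1152720009.002:312): avc:  granted  { search } for  pid=2411 comm="vsftpd" name="ftp" dev=dm-0 ino=4410 scontext=system_u:system_r:ftpd_t:s0 tcontext=system_u:object_r:public_content_t:s0 tclass=dir
type=USER_AUTH msg=audit(1152720010.000:313): user pid=2411 uid=0 msg='PAM: authentication acct=alice'
"""

AVC_RE = re.compile(
    r'^type=AVC msg=audit\((?P<ts>[\d.]+):(?P<serial>\d+)\): avc:\s+'
    r'(?P<result>denied|granted)\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<fields>.*)$'
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Assumed home-directory types from the targeted policy.
HOME_TYPES = {"user_home_dir_t", "user_home_t"}

def context_type(ctx):
    # An SELinux context is user:role:type[:level]; the type is field three.
    parts = ctx.split(":")
    return parts[2] if len(parts) > 2 else ""

def parse_avc(line):
    """Return a dict for an AVC record, or None for any other audit line."""
    m = AVC_RE.match(line.strip())
    if not m:
        return None
    rec = {key: value.strip('"') for key, value in FIELD_RE.findall(m.group("fields"))}
    rec.update(
        result=m.group("result"),
        perms=m.group("perms").split(),
        serial=int(m.group("serial")),
        source_type=context_type(rec.get("scontext", "")),
        target_type=context_type(rec.get("tcontext", "")),
    )
    return rec

def ftp_home_denials(log_text, domain="ftpd_t"):
    """Denied directory accesses by the FTP domain to home-directory types."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if (rec and rec["result"] == "denied" and rec["source_type"] == domain
                and rec.get("tclass") == "dir" and rec["target_type"] in HOME_TYPES):
            hits.append(rec)
    return hits
```

A hit whose permission is `search` on a directory named after the user is the signature of the home-directory chdir the report describes.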