Bug 198672 - Home directory is accessed even if local_root is given
Home directory is accessed even if local_root is given
Product: Fedora
Classification: Fedora
Component: vsftpd (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Maros Barabas
Mike McLean
Depends On:
  Show dependency treegraph
Reported: 2006-07-12 13:30 EDT by Jason Tibbitts
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-08-02 10:47:11 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jason Tibbitts 2006-07-12 13:30:43 EDT
I'm running into a problem with vsftpd which could be considered a bug depending
on how you look at things.  Since it's Fedora and selinux related, I thought I'd
bring it up here before bothering the overburdened upstream maintainer.

The base issue is that I have regular users with FTP access but they don't get
access to their home directories.  Instead, I use local_root and user_sub_token
to restrict them into a specific FTP directory.  (The value of chroot_local_user
does  not affect the outcome here.)  I have selinux on and configured so that
the FTP daemon has no access to user home directories, since it doesn't need it
in this configuration.

Unfortunately when a user logs in, vsftpd will first chdir to their home
directory and then immediately chdir to the place defined by local_root.  It
doesn't do anything in their home directory, and looking there is completely
pointless.  It is also forbidden by selinux, and so the FTP session aborts at login.

If I hack the source to not fail when the needless chdir happens, everything
works fine.  Unfortunately I haven't investigated the impact of this change on
other configurations so I can't suggest a patch at this time.
Comment 1 Maros Barabas 2006-08-02 10:46:15 EDT
I use this configuration:


Selinux option "Allow read/write" files in the user home directories" is set to NO

Everything is working fine

Option "local_root" represents a directory which vsftpd will try to change into
after a local login !!

My configuration uses implicit anonymous directory "/var/ftp". This you can
change with option "anon_root"

Note You need to log in before you can comment on or make changes to this bug.