Submitted by Jun1oR on Tue, 05/09/2017 - 10:16
Latest package of proftpd for CentOS 6 x86_64 wasn't compiled with the module mod_vroot. ProFTPD fails to start unless you add <IFModule mod_vroot> but then users will not be jailed to home directories. Was this on purpose or by mistake?
http://software.virtualmin.com/gpl/centos/6/x86_64/proftpd-1.3.5d-2.el6....
Status:
Active
Comments
Submitted by andreychek on Tue, 05/09/2017 - 10:42 Comment #1
Howdy -- what line is it that's causing a problem with ProFTPd starting?
However, I don't believe that mod_vroot is something Virtualmin uses when jailing users with FTP. For example, the text "vroot" doesn't appear anywhere in the Virtualmin source.
So it should be safe to comment out any lines relating to mod_vroot.
Submitted by Jun1oR on Tue, 05/09/2017 - 11:23 Comment #2
# Cause every FTP user except adm to be chrooted into their home directory# Aliasing /etc/security/pam_env.conf into the chroot allows pam_env to
# work at session-end time (http://bugzilla.redhat.com/477120)
VRootEngine on
DefaultRoot ~ !adm
VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf
Before updating to the latest proftpd package provided from the virtualmin repo everything was working fine. After updating it now fails to start complaining about the VRootEngine line because mod_vroot was not included in the latest package.
If I comment out the lines or add the ifmodule check then it will start but users are no longer locked to their home directories.
Adding
DefaultRoot ~will lock the users in their home directories but I'm not really sure what changed lolSubmitted by JamieCameron on Tue, 05/09/2017 - 12:37 Comment #3
What does
VRootEnginedo thatDefaultRootdoesn't?Submitted by andreychek on Tue, 05/09/2017 - 13:31 Comment #4
It looks like you may be removing one more line than needed... try commenting out just the lines beginning with "VRootEngine" and "VRootAlias".
Leave the "DefaultRoot" option enabled, and that should allow you to jail the ProFTPd users.
Submitted by Jun1oR on Wed, 05/10/2017 - 11:39 Comment #5
Yes I left DefaultRoot option enabled and it does jail the ftp users. I assumed the previous version of the virtualmin proftpd package was using mod_vroot since I believe that was the only package I had installed. I thought maybe someone forgot to included it in the latest version and I was trying to bring it to their attention. Maybe this will help someone else too. Thanks.
Submitted by JamieCameron on Wed, 05/10/2017 - 12:50 Comment #6
I don't think we ever depended on or configure mod_vroot in Virtualmin.
Submitted by Jun1oR on Thu, 05/11/2017 - 09:29 Comment #7
OK thank you. Must be my mistake then.