ProFTPD module mod_vroot missing

Latest package of proftpd for CentOS 6 x86_64 wasn't compiled with the module mod_vroot. ProFTPD fails to start unless you add <IFModule mod_vroot> but then users will not be jailed to home directories. Was this on purpose or by mistake?

http://software.virtualmin.com/gpl/centos/6/x86_64/proftpd-1.3.5d-2.el6....

Status: 
Active

Comments

Howdy -- what line is it that's causing a problem with ProFTPd starting?

However, I don't believe that mod_vroot is something Virtualmin uses when jailing users with FTP. For example, the text "vroot" doesn't appear anywhere in the Virtualmin source.

So it should be safe to comment out any lines relating to mod_vroot.

# Cause every FTP user except adm to be chrooted into their home directory
# Aliasing /etc/security/pam_env.conf into the chroot allows pam_env to
# work at session-end time (http://bugzilla.redhat.com/477120)
VRootEngine on
DefaultRoot ~ !adm
VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf

Before updating to the latest proftpd package provided from the virtualmin repo everything was working fine. After updating it now fails to start complaining about the VRootEngine line because mod_vroot was not included in the latest package.

If I comment out the lines or add the ifmodule check then it will start but users are no longer locked to their home directories.

Adding DefaultRoot ~ will lock the users in their home directories but I'm not really sure what changed lol

What does VRootEngine do that DefaultRoot doesn't?

It looks like you may be removing one more line than needed... try commenting out just the lines beginning with "VRootEngine" and "VRootAlias".

Leave the "DefaultRoot" option enabled, and that should allow you to jail the ProFTPd users.

Yes I left DefaultRoot option enabled and it does jail the ftp users. I assumed the previous version of the virtualmin proftpd package was using mod_vroot since I believe that was the only package I had installed. I thought maybe someone forgot to included it in the latest version and I was trying to bring it to their attention. Maybe this will help someone else too. Thanks.

I don't think we ever depended on or configure mod_vroot in Virtualmin.

OK thank you. Must be my mistake then.