How do I chroot LDAP users in proftpd AND allow a single LDAP admin user access to everything?

0

I use proftpd to host an FTP server. By default, all users are chrooted to /var/ftp/%u (where %u is their username). This is done by using the DefaultRoot directive.

I now have a need to provide an "admin" user that can log in and crawl the entire tree, starting in /var/ftp. I can't seem to find a way to bypass the DefaultRoot directive. Is it possible?

GregB

Posted 2012-02-28T20:58:16.583

Reputation: 187

Answers

0

I searched all of the proftpd directives and was not able to find a solution that worked with LDAP users. To work around this, I created a second VirtualHost that listens on a different port than the main VirtualHost. The new VirtualHost authenticates against a different LDAP group than the main one, and chroots users to /var/ftp.

I did have to add a 'DefaultChdir /var/ftp' entry to the new VirtualHost so that admin users would start in /var/ftp instead of /var/ftp/%u.

GregB

Posted 2012-02-28T20:58:16.583

Reputation: 187

This is the best solution I could come up with. I'll leave the question unsolved for a while in case someone else has a better answer. – GregB – 2012-03-01T00:05:59.140
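For reference, here is what the two-VirtualHost layout described in the answer above can look like in proftpd.conf. This is an added example, not GregB's actual configuration: the LDAP server, bind DN, base DNs, the group names "ftpusers" and "ftpadmins", the UID/GID 5000 and the admin port 2121 are all assumptions, and the filter relies on the directory exposing a memberOf attribute. The DefaultRoot /var/ftp/%u form follows the question; the LDAP directive names are those of mod_ldap in ProFTPD 1.3.3 and later.

```apache
# Added example, not the original poster's configuration.
# Assumptions: hostnames, DNs, group names, UID/GID 5000 and port 2121.

# --- Main server: ordinary LDAP users, each jailed in /var/ftp/<username> ---
ServerName          "FTP service"
Port                21
AuthOrder           mod_ldap.c
LDAPServer          ldap://ldap.example.com
LDAPBindDN          "cn=proftpd,ou=services,dc=example,dc=com" "bind-password-here"
# Only members of the regular users group may authenticate here
# (memberOf must be maintained by the directory for this filter to match).
LDAPUsers           ou=people,dc=example,dc=com (&(uid=%u)(memberOf=cn=ftpusers,ou=groups,dc=example,dc=com))
# The LDAP accounts carry no posixAccount UID/GID, so every login is mapped
# to one unprivileged system identity that owns the /var/ftp tree.
LDAPDefaultUID      5000
LDAPDefaultGID      5000
LDAPForceDefaultUID on
LDAPForceDefaultGID on
# Give accounts without a homeDirectory attribute a home under /var/ftp.
LDAPGenerateHomedir        on
LDAPGenerateHomedirPrefix  /var/ftp
LDAPForceGeneratedHomedir  on
# Jail each user in /var/ftp/<username>, as in the question.
DefaultRoot         /var/ftp/%u

# --- Admin service on a separate port: a different LDAP group authenticates
#     here, and the jail is the whole /var/ftp tree ---
<VirtualHost 0.0.0.0>
  ServerName          "FTP admin service"
  Port                2121
  AuthOrder           mod_ldap.c
  LDAPServer          ldap://ldap.example.com
  LDAPBindDN          "cn=proftpd,ou=services,dc=example,dc=com" "bind-password-here"
  # Same user base, but the filter only matches members of the admin group.
  LDAPUsers           ou=people,dc=example,dc=com (&(uid=%u)(memberOf=cn=ftpadmins,ou=groups,dc=example,dc=com))
  LDAPDefaultUID      5000
  LDAPDefaultGID      5000
  LDAPForceDefaultUID on
  LDAPForceDefaultGID on
  LDAPGenerateHomedir        on
  LDAPGenerateHomedirPrefix  /var/ftp
  LDAPForceGeneratedHomedir  on
  # Admins are still chrooted, but to the top of the tree. Their generated
  # home is still /var/ftp/<username>, so DefaultChdir is needed to make the
  # session start in /var/ftp rather than in their own subdirectory.
  DefaultRoot         /var/ftp
  DefaultChdir        /var/ftp
</VirtualHost>
```

Two points worth checking after applying something like this: log in as a regular user on port 21 and confirm that `pwd` reports `/` and that `cd ..` cannot leave the jail, then log in as an admin on port 2121 and confirm the session starts in `/var/ftp` (reported as `/`) with every user's directory visible beneath it. Because the admin service is distinguished only by its port, it is reasonable to restrict who can reach port 2121 at the firewall in addition to the LDAP group filter.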

0

Yes it is. If you'd read the documentation you'd see that if the group name is prepended with "!" then DefaultRoot is not enabled for that group.

DefaultRoot ~ !admin

r00m

Posted 2012-02-28T20:58:16.583

Reputation: 641

I did read the documentation. What I did not do is specify that I am using the mod_ldap module. The group option applies to groups in /etc/passwd, but I'm using LDAP users that don't have a UID or a GID. When I tried using the group flag, it ignored my LDAP groups. – GregB – 2012-03-01T00:00:39.833