[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[suse-security] Chroot or not for vsftpd



Hi,

I am planning to install Vsftpd (vsftpd-1.1.0-3.i386.rpm) for SuSE 7.3
running SuSE compiled kernel 2.2.19. which will allow anonymous uploads
also

The machine has private IP and will be behind SuSE ftp-proxy. The
default looks it needs to be run from inetd /xinetd. Here is what I have
in mind a) run it as standalone b) use Marc Heuse's compartment to run it in a chroot environment
c) use the ftpdir package of SuSE which is also in the chrooted
environment where vsftd runs
First of all is this overkill ? If not then I do not understand the
following

1) The ftpdir package has passwd file (/usr/local/ftp/etc)

root:x:0:0:Super User:/root:/bin/bash

My understanding is it is now chrooted to "/usr/local/ftp" and since
there is no "bash" under the bin directory what is the reasoning behind
it. Why not use "false" and provide "false" executable under the bin
directory ? 2) Why user root and not "ftp" for instance

Thoughts, ideas appreciated

Thanks
--

Togan Muftuoglu
Unofficial SuSE FAQ Maintainer
http://dinamizm.ath.cx



--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here