Re: chrooted ftpd?

[David Holland <dholland-tech%netbsd.org@localhost>]

On Wed, Jun 22, 2011 at 09:50:30PM -0400, der Mouse wrote:
 > I'm trying to set up a chrooted FTP area for internal use.  I'm running
 > into roadblock after roadblock, and have finally reached the point
 > where I'm beginning to wonder if I'm going about this wrong.
 > [...]

As Christos pointed out, the traditional ftp is intended to run as
root so it can itself do chroot() calls. Otherwise, ftpchroot isn't
going to accomplish much.

 > (Turns out an entry in ftpchroot doesn't allow access
 > without an entry in ftpusers too.)

That sounds like a condition that should be logged, because it's a
config error. But probably it never gets as far as even opening
ftpchroot.

 > Then it wouldn't authenticate because it couldn't read the password
 > hash.  So I did a chmod 644 of spwd.db and master.passwd in the chroot.
 > It *still* wouldn't authenticate.
 > 
 > Turns out getpwent() refuses to even _try_ to read spwd.db unless
 > geteuid() returns zero!!  And, as far as I can tell, ftpd has no way to
 > have it use anything but getpwent() to get passwords.

I expect the intent was to protect fools who write their own code
using getpwent, run it unprivileged, and try to chmod 644 to make it
work without thought for the consequences. Seems misguided though as
that grade of fool will just do chmod +s instead.

You might be able to use nsswitch.conf to have it get passwords from
elsewhere, although I don't think there any of the currently supported
alternate methods are simple.

-- 
David A. Holland
dholland%netbsd.org@localhost