[SOLVED] Attempting to chroot FTP accounts, ran into problems

I have been trying to chroot my FTP accounts so that,

  1. they are unique to the web site they are meant to service, even though I own and control both the iron and the sites
  2. their base directories are the root of the corresponding web site.

To this end, I have used this article on chrooting ftp accounts, but I have run into an issue with some of the instructions at the very end.

Some background info:
  • The base ftpchroot directory is /var/www.
  • The FTP username for each site is its whole URL (http://www.domain.com).
  • The home directory is a bit more complicated: /var/www/./domain/com/www (essentially, domain/tld/subdomain, to allow multiple subdomains under complementary TLDs).
  • I am running FreeBSD 10-RELEASE with Apache 2.4.

My problem comes with the second to last code box at the bottom of the article that I referenced above. The description goes as such:

Create a dummy passwd file for all ftpchroot users and generate a passwd database from it and copy over the system group file to the chroot etc

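Code:
# Collect every account whose primary group is gid 15 into a dummy passwd file
while IFS=: read -r user x uid gid x; do
  if [ "$gid" = "15" ]; then
    # Quoted so the shell cannot glob-expand the literal *
    echo "$user:*:$uid:$gid::::::" >> /tmp/passwd
  fi
done < /etc/passwd

# Build the passwd database in the chroot's etc directory
# (note: the -d path here differs from the path used in the lines below)
pwd_mkdb -d /usr/local/ftpchroot/etc /tmp/passwd
# Remove the files the chroot does not need, then copy the group file
rm /usr/local/etc/ftpchroot/etc/master.passwd
rm /usr/local/etc/ftpchroot/etc/spwd.db
cp /etc/group /usr/local/etc/ftpchroot/etc
# Make the chroot etc directory and its contents read-only
chmod 555 /usr/local/etc/ftpchroot/etc
chmod 444 /usr/local/etc/ftpchroot/etc/*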

Problem is, for me the information here is inadequate. Do I create a file /tmp/passwd and put into it the code in the first half of the quoted code above? If so, the very next terminal command (pwd_mkdb) fails with
Code:
pwd_mkdb: /tmp/passwd: Inappropriate file type or format

Any help would be greatly appreciated.
 
Re: Attempting to chroot ftp accounts, ran into problems

rekabis said:
Do I create a file /tmp/passwd and put into it the code in the first half of the quoted code above?

No. Simply type this whole while ... done < /etc/passwd thing into your shell. Line by line. It's a loop that creates a new user database file with all the FTP users. Note that the prompt will probably change after the first line. That's fine. It's the shell's way of telling you it recognized that this is a loop. The prompt will return back to normal after the done ... line.

There's even documentation for this (pwd_mkdb(8), passwd(5), sh(1), etc). Problem is, nobody reads it... ;)
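
The loop described in the reply above, as an added example that is not part of the original thread or of the referenced article: it filters passwd(5) lines by gid into 10-field master.passwd(5) records and checks the result before it would be handed to pwd_mkdb. The function names and the sample accounts are constructed for illustration; gid 15 is taken from the quoted loop.

```sh
#!/bin/sh
# Added example. FTP gid 15 comes from the quoted loop; everything else
# (function names, sample accounts) is an assumption made for illustration.

# Emit master.passwd(5)-style records (10 colon-separated fields) for every
# account in the passwd(5)-format stream on stdin whose primary gid is $1.
build_chroot_passwd() {
    want_gid=$1
    while IFS=: read -r user _pw uid gid _rest; do
        case $user in ''|'#'*) continue ;; esac   # skip blanks and comments
        if [ "$gid" = "$want_gid" ]; then
            # Fixed format string, so the literal '*' is never glob-expanded.
            printf '%s:*:%s:%s::::::\n' "$user" "$uid" "$gid"
        fi
    done
}

# Return 0 only if file $1 is non-empty and every line has exactly 10 fields
# with numeric uid and gid. A file holding shell source (the mistake described
# in the question) fails this check.
check_master_format() {
    [ -s "$1" ] || return 1
    awk -F: 'NF != 10 || $3 !~ /^[0-9]+$/ || $4 !~ /^[0-9]+$/ { bad = 1 }
             END { exit bad + 0 }' "$1"
}

# Constructed sample standing in for /etc/passwd (7 fields per line).
sample_passwd() {
    cat <<'EOF'
root:*:0:0:Charlie &:/root:/bin/csh
www.example.com:*:2001:15:site ftp:/var/www/./example/com/www:/usr/sbin/nologin
blog.example.com:*:2002:15:site ftp:/var/www/./example/com/blog:/usr/sbin/nologin
alice:*:1001:1001:Alice:/home/alice:/bin/sh
EOF
}

demo() {
    out=$(mktemp) || return 1     # unpredictable name instead of /tmp/passwd
    sample_passwd | build_chroot_passwd 15 > "$out"
    check_master_format "$out" && cat "$out"
    rm -f "$out"
}

demo
```

On a real system the validated file would then be passed to pwd_mkdb with -d pointing at the chroot's etc directory, as in the quoted instructions.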
 
Re: Attempting to chroot ftp accounts, ran into problems

worldi said:
No. Simply type this whole while ... done < /etc/passwd thing into your shell. Line by line.

Whoa, that was… new. I never knew you could do that. I got FTP up and running properly chrooted to the desired directories.

Thank you.