• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Solved [SOLVED]Attempting to chroot FTP accounts, ran into problems

rekabis

Member


Messages: 32

#1
I have been trying to chroot my FTP accounts so that,

  1. they are unique to the web site they are meant to service, even though I own and control both the iron and the sites
  2. their base directories are the root of the corresponding web site.

To this end, I have used this article on chrooting ftp accounts, but I have run into an issue with some of the instructions at the very end.

Some background info:
  • The base ftpchroot directory is /var/www.
  • The FTP username for each site is its whole URL (http://www.domain.com).
  • The home directory is a bit more complicated: /var/www/./domain/com/www (essentially, domain/tld/subdomain, to allow multiple subdomains under complimentary TLDs).
  • I am running FreeBSD 10-RELEASE with Apache 2.4

My problem comes with the second to last code box at the bottom of the article that I referenced above. The description goes as such:

Create a dummy passwd file for all ftpchroot users and generate a passwd database from it and copy over the system group file to the chroot etc

Code:
while IFS=: read user x uid gid x; do
  if [ "$gid" = "15" ]; then
    echo $user:*:$uid:$gid:::::: >> /tmp/passwd
  fi
done < /etc/passwd

pwd_mkdb -d /usr/local/ftpchroot/etc /tmp/passwd
rm /usr/local/etc/ftpchroot/etc/master.passwd
rm /usr/local/etc/ftpchroot/etc/spwd.db
cp /etc/group /usr/local/etc/ftpchroot/etc
chmod 555 /usr/local/etc/ftpchroot/etc
chmod 444 /usr/local/etc/ftpchroot/etc/*
Problem is, for me the information here is inadequate. Do I create a file /tmp/passwd and put into it the code in the first half of the quoted code above? If so, the very next terminal command ( pwd_mkdb) fails with
Code:
pwd_mkdb: /tmp/passwd: Inappropriate file type or format
Any help would be greatly appreciated.
 

worldi

Active Member

Thanks: 21
Messages: 189

#2
Re: Attempting to chroot ftp accounts, ran into problems

rekabis said:
Do I create a file /tmp/passwd and put into it the code in the first half of the quoted code above?
No. Simply type this whole while ... done < /etc/passwd thing into your shell. Line by line. It's a loop that creates a new user database file with all the FTP users. Note that the prompt will probably change after the first line. That's fine. It's the shell's way of telling you it recognized that this is a loop. The prompt will return back to normal after the done ... line.

There's even documentation for this (pwd_mkdb(), passwd(5), sh(), etc). Problem is, nobody reads it... ;)
 

rekabis

Member


Messages: 32

#3
Re: Attempting to chroot ftp accounts, ran into problems

worldi said:
No. Simply type this whole while ... done < /etc/passwd thing into your shell. Line by line.
Whoa, that was… new. I never knew you could do that. I got FTP up and running properly chrooted to the desired directories.

Thank you.