Virtual server admins able to ftp from anywhere

I think the chroot jail for the virtual server administrators must be broken. One of our clients just emailed me documents that he ftp’d from /root

Yikes!

He also uploaded to someone elses public_html folder. Double Yikes!!!

Where do I look for this problem?

If you’re using a chroot jail, then you’re not running a system configured as we’d recommend.

Or, do you mean you have enabled the DefaultRoot feature of ProFTPd and it’s not working? (Note that normal UNIX permissions should also prevent all of the things you’re describing. Even without the DefaultRoot feature in ProFTPd, and thus nothing even resembling a chroot, the things happening here are not normal.)

You haven’t given us a lot to go on here. Is the user a Virtualmin-created user? Does it have a weird UID (like 0)? Is it true of all FTP users? What’s in the log?

saying chroot jail was my mistake. A bit of newbie syndrome going on here.

I called the end-user and asked them where they were able to put the file. They said the ftp client they were using indicated success, but 0 file size. I scolded them for scaring me. They are merely able to download anything they have read permissions on, just like good ol’ unix is supposed to be :slight_smile:

I uncommented DefaultRoot in the proftpd.conf file and restarted the service. Perfect. Thanks for the tip, Joe. I hope the DefaultRoot option doesn’t change anything its not supposed to in virtualmin?

Nope, DefaultRoot is fine. It could even be the default, though we have a history of liking the UNIX Way, and trusting the system to have sane security. But, it’s probably sane to close it up a little bit just to make those newbies using FTP feel secure.

For some reason, folks often think that because they can see something, it means they can mess with it. Sort of a weird thought process. They don’t assume they can hack Google just because when they browse to Google.com they see a website. :wink: