how to show symlinks in pureftpd?

Discussion in 'Tips/Tricks/Mods' started by radim_h, Sep 12, 2010.

  1. radim_h

    radim_h Member

    Hello,
    does anyone know how to make pureftpd show symlinks? I cannot google anything.
    I want users to see directory /log which pureftpd does not show.

    here http://www.pureftpd.org/project/pure-ftpd they say
    Symbolic links can be followed when users are chrooted, even when they are pointing out of the chroot jail. This unique feature makes shared content easy to set up.
    but I think users are chrooted?
     
    Last edited: Sep 12, 2010
  2. falko

    falko Super Moderator ISPConfig Developer

  3. radim_h

    radim_h Member

  4. falko

    falko Super Moderator ISPConfig Developer

    If you are on Debian/Ubuntu, you can try this:

    Code:
    echo "yes" > /etc/pure-ftpd/conf/virtualchroot
    (I don't know if it works, I haven't tested it.)
     
  5. radim_h

    radim_h Member

    This is the list of my directories in
    root@web2:/etc/pure-ftpd/conf# ls -la
    total 72
    drwxr-xr-x 2 root root 4096 2010-08-20 11:08 .
    drwxr-xr-x 5 root root 4096 2010-07-27 23:27 ..
    -rw-r--r-- 1 root root 36 2009-11-07 19:56 AltLog
    -rw-r--r-- 1 root root 4 2010-08-17 18:27 BrokenClientsCompatibility
    -rw-r--r-- 1 root root 4 2010-08-17 18:27 ChrootEveryone
    -rw-r--r-- 1 root root 4 2010-08-17 18:27 DisplayDotFiles
    -rw-r--r-- 1 root root 4 2010-07-27 23:36 DontResolve
    -rw-r--r-- 1 root root 6 2009-11-07 19:56 FSCharset
    -rw-r--r-- 1 root root 4 2010-08-20 11:05 MaxClientsNumber
    -rw-r--r-- 1 root root 3 2010-08-20 11:05 MaxClientsPerIP
    -rw-r--r-- 1 root root 5 2009-11-07 19:56 MinUID
    -rw-r--r-- 1 root root 29 2009-11-08 05:31 MySQLConfigFile
    -rw-r--r-- 1 root root 4 2009-11-07 19:56 NoAnonymous
    -rw-r--r-- 1 root root 4 2009-11-07 19:56 PAMAuthentication
    -rw-r--r-- 1 root root 12 2010-08-19 22:54 PassivePortRange
    -rw-r--r-- 1 root root 28 2009-11-07 19:56 PureDB
    -rw-r--r-- 1 root root 2 2010-08-19 23:07 TLS
    -rw-r--r-- 1 root root 3 2009-11-07 19:56 UnixAuthentication

    echo "yes" > /etc/pure-ftpd/conf/virtualchroot

    root@web2:/etc/pure-ftpd/conf# /etc/init.d/pure-ftpd-mysql restart
    Restarting ftp server: /usr/sbin/pure-ftpd-wrapper: Invalid configuration file /etc/pure-ftpd/conf/virtualchroot: No corresponding directive

    this happens also if filename is VirtualChroot, same thing if ChrootEveryone = yes (tried also with this file removed)
     
    Last edited: Sep 14, 2010
  6. falko

    falko Super Moderator ISPConfig Developer

    Ok, this doesn't work then. Please delete /etc/pure-ftpd/conf/virtualchroot to make PureFTPd start again.
     
  7. radim_h

    radim_h Member

    I tried more, virtualchroot Off is wrong, the user can then follow a link and leave his chroot directory, which is bad...
    ProFTPD, ProFTPD, ProFTPD, ProFTPD, ProFTPD, ProFTPD, ! .o)
     
    Last edited: Jan 12, 2011
  8. shen

    shen New Member

    Hi,

    did anyone find a solution for that? As backups are stored outside the users' directories, but are symlinked there, FTP users cannot access their backups right now.

    I really need a solution for my users to access their backup files.

    Thanks
    Stefan
     
  9. radim_h

    radim_h Member

    I was stupid, I had VIRTUALCHROOT=yes instead of VIRTUALCHROOT=true in config :)


    /etc/default/pure-ftpd-common has to look like this :
    # Configuration for pure-ftpd
    # (this file is sourced by /bin/sh, edit accordingly)

    # STANDALONE_OR_INETD
    # valid values are "standalone" and "inetd".
    # Any change here overrides the setting in debconf.
    STANDALONE_OR_INETD=standalone

    # VIRTUALCHROOT:
    # whether to use binary with virtualchroot support
    # valid values are "true" or "false"
    # Any change here overrides the setting in debconf.
    VIRTUALCHROOT=true

    # UPLOADSCRIPT: if this is set and the daemon is run in standalone mode,
    # pure-uploadscript will also be run to spawn the program given below
    # for handling uploads. see /usr/share/doc/pure-ftpd/README.gz or
    # pure-uploadscript(8)

    # example: UPLOADSCRIPT=/usr/local/sbin/uploadhandler.pl
    UPLOADSCRIPT=

    # if set, pure-uploadscript will spawn $UPLOADSCRIPT running as the
    # given uid and gid
    UPLOADUID=
    UPLOADGID=


    everything works fine now :)
     
  10. radim_h

    radim_h Member

    Just to complete this, someone can use it, passive ports or TLS or whatever

    --with-virtualchroot is compiled by default on Ubuntu 10.0.4 LTS and other binary packages, that Ubuntu TLS bug is gone after last update (01/11)

    My directory /etc/pure-ftpd/conf - Values inside files
    AltLog - clf:/var/log/pure-ftpd/transfer.log
    BrokenClientsCompatibility - yes
    ChrootEveryone - yes (important!)
    DisplayDotFiles - yes
    DontResolve - yes
    FSCharset - UTF-8
    MaxClientsNumber - 200
    MaxClientsPerIP - 10
    MinUID - 1000
    MySQLConfigFile - /etc/pure-ftpd/db/mysql.conf
    NoAnonymous - yes
    PAMAuthentication - yes
    PassivePortRange - 60001 60200 (pick any range you want, don't forget to set it in the firewall)
    PureDB - /etc/pure-ftpd/pureftpd.pdb
    TLS - 1
    UnixAuthentication - no
     
    Last edited: Jan 19, 2011
  11. radim_h

    radim_h Member

  12. Bookworm

    Bookworm New Member

    For a real solution to this, here's the _correct_ way to do it.

    First, an explanation.

    pure-ftpd-mysql calls a wrapper to the main command. That wrapper is pure-ftpd-wrapper, normally found in /usr/sbin.

    In that file, you can see a list of the option/configuration files it looks for. One of which is TrustedGID.

    If the user you wish to have granted full access (this must be a REAL USER, not a virtual one) is part of the adm group, for example, look up the GID in /etc/group for the adm group (4 is normal)

    Then, you simply need to type 'echo 4 >/etc/pure-ftpd/conf/TrustedGID' and then reset pure-ftpd. Now, anyone in the adm group will be allowed the ability to break out of the chroot.

    This is the actual answer to the initial question, rather than a list of workarounds, reasons for not doing it, or deliberate misunderstandings :)
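
An added example, not part of the thread or of pure-ftpd: a shell audit of the settings discussed above (ChrootEveryone, VIRTUALCHROOT, TrustedGID) that also lists the symlinks in a user's home that resolve outside it, which is what a virtualchroot build will follow. The function names and the sample tree are assumptions made for illustration; it relies on GNU `readlink -f`.

```shell
#!/bin/sh

# First line of a one-value-per-file directive; prints nothing if the file is absent.
conf_value() {   # conf_value <conf_dir> <Directive>
    [ -f "$1/$2" ] && head -n 1 "$1/$2" | tr -d '[:space:]'
    return 0
}

# Report the chroot-related settings, one finding per line.
audit_chroot() { # audit_chroot <conf_dir> <defaults_file>
    conf=$1 defaults=$2
    [ "$(conf_value "$conf" ChrootEveryone)" = yes ] \
        && echo "OK ChrootEveryone=yes" \
        || echo "WARN ChrootEveryone is not 'yes': users may not be jailed"
    # The defaults file is shell syntax; read the assignment without sourcing it.
    vc=$(sed -n 's/^VIRTUALCHROOT=//p' "$defaults" 2>/dev/null | tail -n 1 | tr -d '"')
    case $vc in
        true)     echo "INFO VIRTUALCHROOT=true: symlinks leaving the jail are followed" ;;
        false|'') echo "OK VIRTUALCHROOT=${vc:-unset}" ;;
        *)        echo "WARN VIRTUALCHROOT=$vc is not 'true' or 'false'" ;;
    esac
    gid=$(conf_value "$conf" TrustedGID)
    [ -n "$gid" ] && echo "WARN TrustedGID=$gid: members of this group are not chrooted"
    return 0
}

# List symlinks under a home directory that resolve outside it.
escaping_links() { # escaping_links <home>
    home=$(readlink -f "$1") || return 1
    find "$home" -type l | while IFS= read -r link; do
        target=$(readlink -f "$link") || continue
        case $target in
            "$home"|"$home"/*) ;;              # stays inside the jail
            *) echo "$link -> $target" ;;      # reachable only via virtualchroot
        esac
    done
}

# Constructed sample tree so the script runs offline and touches nothing real.
demo() {
    t=$(mktemp -d) && mkdir -p "$t/conf" "$t/home/web1/web" "$t/backup/web1"
    echo yes > "$t/conf/ChrootEveryone"; echo 4 > "$t/conf/TrustedGID"
    printf 'STANDALONE_OR_INETD=standalone\nVIRTUALCHROOT=true\n' > "$t/defaults"
    ln -s "$t/backup/web1" "$t/home/web1/backup"   # leaves the home
    ln -s web "$t/home/web1/www"                   # stays inside
    audit_chroot "$t/conf" "$t/defaults"; escaping_links "$t/home/web1"
    rm -rf "$t"
}
demo
```

On a real host the arguments would be `/etc/pure-ftpd/conf`, `/etc/default/pure-ftpd-common` and each FTP user's home directory.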
     
