I have a small issue with VSFTPD that I haven't been able to resolve yet, so I'm coming here to get your tips!
The user has an ftp directory in their home, which is a mount point through s3fs, used to access an S3 bucket.
Settings to start my s3fs:
s3fs mybucket -o dbglevel=info -f -o curldbg -o url=https://s3-eu-central-1.amazonaws.com -o use_cache=/tmp/myuser -o use_path_request_style -o uid=UID-of-my-user -o gid=GID-of-my-user /home/user/ftp/
Content of the home directory, with permissions:
4 drwxr-xr-x 4 user nfsnobody 4096 Aug 10 08:19 .
4 drwxr-xr-x 7 root root 4096 Aug 11 07:31 ..
4 -rw------- 1 user usergroup 1750 Aug 11 10:27 .bash_history
4 drwxrwxr-x 3 user usergroup 4096 Aug 10 08:17 .local
4 -rw------- 1 user usergroup 62 Aug 10 08:18 .passwd-s3fs
4 drwxrwxr-x 2 user usergroup 4096 Aug 11 10:28 ftp
The permissions on the ftp directory are wide because I tried a lot of things to find a solution; I will fix that later.
When I start s3fs, the permissions for the ftp directory are modified:
1 drwx------ 1 user usergroup 0 Jan 1 1970 ftp
My vsftpd.conf:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
#chroot_local_user=YES
#allow_writeable_chroot=YES
#user_sub_token=\$USER
#local_root=/home/\$USER/ftp
listen=YES
pam_service_name=vsftpd
tcp_wrappers=YES
pasv_min_port=40000
pasv_max_port=50000
pasv_address=3.124.254.185
userlist_file=/etc/vsftpd.userlist
userlist_enable=YES
userlist_deny=NO
xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log
As you can see, the settings for chroot are disabled for the moment.
My user is in the vsftp.userlist file.
If I try to log in with that config, it works: I can log in, go into the ftp directory and do whatever I have to do.
However, if I enforce the chroot config, I get the following error message:
500 OOPS: cannot change directory:/home/user/ftp
I am clueless about what to do now. I really need the user to go directly into the ftp directory, as the app that will use this FTP user is verrrrry old and cannot be configured otherwise.
Any ideas?
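
An added diagnostic, not part of the original post: a FUSE mount made without `allow_other` is accessible only to the uid that mounted it (root included), so this reads the mount table to show the filesystem type, owning uid and `allow_other` state for a mount point such as the ftp directory. That the chroot-time directory change runs under a different uid than the mounting user is an assumption here; the function name, the sample lines and uid 1001 are constructed for illustration.

```shell
#!/bin/sh
# fuse_mount_access MOUNTPOINT [MOUNTS_FILE]   (hypothetical helper name)
# Prints "<fstype> owner_uid=<uid> allow_other=<yes|no>" for a FUSE mount,
# "<fstype> not-fuse" for other filesystems; returns 1 if MOUNTPOINT is not mounted.
# Limitation: mount points containing spaces (escaped as \040) are not handled.
fuse_mount_access() {
    mp=${1%/}; [ -n "$mp" ] || mp=/
    mounts=${2:-/proc/mounts}
    # /proc/mounts fields: device mountpoint fstype options dump pass
    awk -v mp="$mp" '
        $2 == mp { type = $3; opts = $4; found = 1 }  # last match wins (stacked mounts)
        END {
            if (!found) exit 1
            if (type != "fuse" && type != "fuseblk" && type !~ /^fuse\./) {
                print type " not-fuse"; exit 0
            }
            uid = "unknown"; other = "no"
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) {
                if (o[i] == "allow_other") other = "yes"
                if (o[i] ~ /^user_id=/) uid = substr(o[i], 9)
            }
            print type " owner_uid=" uid " allow_other=" other
        }' "$mounts"
}

# Constructed sample in /proc/mounts format; uid/gid 1001 are placeholders.
sample_mounts() {
    cat <<'EOF'
/dev/xvda1 / xfs rw,relatime 0 0
s3fs /home/user/ftp fuse.s3fs rw,nosuid,nodev,relatime,user_id=1001,group_id=1001 0 0
s3fs /srv/shared fuse.s3fs rw,nosuid,nodev,relatime,user_id=1001,group_id=1001,allow_other 0 0
EOF
}

# Demo on the constructed sample; on a live host call it with only the mount point.
tmp=$(mktemp) && sample_mounts > "$tmp"
fuse_mount_access /home/user/ftp/ "$tmp"
rm -f "$tmp"
```

If the live result shows `allow_other=no`, comparing `ls -ld /home/user/ftp` as root and as the FTP user confirms whether the uid matters. Setting `-o allow_other` as a non-root user also requires `user_allow_other` in /etc/fuse.conf, and it opens the mount to every local account.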