1

I know the DefaultRoot ~ setting that you can use to jail users into their home directories but I need to customize this.

When authenticating with proftpd I get the user's home directory from LDAP via auth-pam. I have no control over what the home directory path will be, but I need them to be on my glusterfs, which is a FUSE mount I have in /mnt/glusterfs.

What I would love to have is that, if I get a user's home as /some/directory, proftpd would jail them into /mnt/glusterfs/some/directory.

So basically I'd like to have something like DefaultRoot /base/path/~

If you guys (and/or gals) can think of any solution, be it modifying code or whatever creative solution, I'd be glad to hear it.

Thanks in advance.

PhilippN

2 Answers

0

If your users' normal home directories include the user name, e.g. "/home/foo" for user "foo", then you might be able to use something like this:

DefaultRoot /mnt/glusterfs/home/%u

That %u variable will be resolved to the authenticated user name.

Another, more sophisticated approach is to use the mod_rewrite module and the RewriteHome directive; the RewriteHome directive documentation contains an example of what your regex/substitution might look like. And the RewriteHome functionality applies regardless of the source of the home directory, be it LDAP, system functions, etc.

Hope this helps!

Castaglia
  • This would work but doesn't cover the use case where FTP users have shared home directories, which was something I had to deal with. – PhilippN Oct 20 '16 at 13:10
  • Ah, OK. I've updated my answer with another approach which might help as well. – Castaglia Oct 20 '16 at 17:18
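The RewriteHome approach mentioned in the answer above, written out for the /mnt/glusterfs case as an added example (not part of the original answer or of the ProFTPD documentation). The log path is an assumption, and the example assumes DefaultRoot ~ resolves against the rewritten home, which the RewriteLog output lets you confirm.

```apache
# Added example: prefix every directory-supplied home with the GlusterFS
# mount, then chroot each user to the rewritten home.
<IfModule mod_rewrite.c>
  RewriteEngine on

  # Assumed log path; shows what each home directory was rewritten to.
  RewriteLog /var/log/proftpd/rewrite.log

  # Let mod_rewrite rewrite the home directory returned by the auth
  # backend (LDAP via PAM in the question), whatever its source.
  RewriteHome on

  # Apply the rule only to the REWRITE_HOME pseudo-command, so ordinary
  # FTP commands are left untouched.
  RewriteCondition %m REWRITE_HOME

  # /some/directory -> /mnt/glusterfs/some/directory
  # The pattern is anchored on a leading "/" so that only absolute home
  # paths match; a relative or empty value is left unrewritten.
  RewriteRule ^(/.*)$ /mnt/glusterfs$1
</IfModule>

# Jail each user in their (rewritten) home directory.
DefaultRoot ~
```

Because the home value comes from the directory, check the rewrite log for entries that widen the jail: a home of "/" rewrites to the whole mount, and a value containing ".." can resolve outside /mnt/glusterfs.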
0

You can use the following directives to create the base path for all the FTP users. This will restrict users to this path only.

LDAPGenerateHomedir on
LDAPForceGeneratedHomedir on
LDAPGenerateHomedirPrefix /mnt/glusterfs/some/directory/
Pawan
  • I accepted this because it solves the problem. However, it requires proftpd to use mod_ldap instead of PAM auth. – PhilippN Oct 20 '16 at 13:09