23 Oct 2006, 7:32 p.m.
Hello,
I've got a dovecot setup using PAM and real system users. In this setup I also use pure-ftpd to give local users ftp access to their $HOMEs. To have pure-ftpd chroot into the user home I replaced /home/user with /home/user/./ in /etc/passwd. Unfortunately this breaks Dovecot this way:
Oct 23 18:18:20 localhost dovecot: Invalid chroot directory '/home/foo' (user foo) (see valid_chroot_dirs in config file)
and dovecot.conf says
':' separated list of directories under which chrooting is allowed for
processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar
too).
This setting doesn't affect login_chroot or auth_chroot variables.
WARNING: Never add directories here which local users can modify, that
may lead to root exploit. Usually this should be done only if you don't
allow shell access for users. See doc/configuration.txt for more
information.
#valid_chroot_dirs =
Now if I set
valid_chroot_dirs = /home
everything works, but the WARNING pretty much scares me since user foo HAS shell access. Is this safe? Is there a way to avoid this? Why can't I chroot to /home/foo/./ if I can to /home/foo?
I'm on 1.0rc10
thanks
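
An added example, not part of the original message and not Dovecot's own code: a small audit that lists the accounts whose passwd home contains the /./ marker, the chroot directory that implies, whether a given valid_chroot_dirs value would permit it, and whether the account also has a login shell (the case the WARNING describes). The passwd lines, the no-login shell list and the whole-path-component prefix match are assumptions made for illustration.

```python
import posixpath

# Assumed list of shells that deny interactive login.
NOLOGIN_SHELLS = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false"}

# Constructed sample /etc/passwd lines (not from the original post).
SAMPLE_PASSWD = """\
foo:x:1000:1000::/home/foo/./:/bin/bash
bar:x:1001:1001::/home/bar/./:/sbin/nologin
baz:x:1002:1002::/home/baz:/bin/bash
vmail:x:5000:5000::/var/mail/vmail/./:/bin/false
"""

def chroot_dir(home):
    """Return the directory before the first '/./' marker, or None if absent."""
    head, sep, _ = home.partition("/./")
    return posixpath.normpath(head) if sep else None

def is_under(path, base):
    """True if path equals base or lies below it, compared by whole components."""
    base = posixpath.normpath(base)
    return path == base or path.startswith(base.rstrip("/") + "/")

def audit(passwd_text, valid_chroot_dirs):
    """Return (user, chroot, permitted, permitted_and_has_shell) per chrooted account."""
    allowed = [d for d in valid_chroot_dirs.split(":") if d]
    findings = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue  # skip malformed lines
        user, home, shell = fields[0], fields[5], fields[6]
        root = chroot_dir(home)
        if root is None:
            continue  # no '/./' marker, so no chroot is implied
        permitted = any(is_under(root, d) for d in allowed)
        has_shell = shell not in NOLOGIN_SHELLS
        findings.append((user, root, permitted, permitted and has_shell))
    return findings

if __name__ == "__main__":
    for user, root, permitted, risky in audit(SAMPLE_PASSWD, "/home"):
        print(f"{user}: chroot={root} permitted={permitted} shell_and_chroot={risky}")
```
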