[Dovecot] valid_chroot_dirs question

23 Oct 2006


      Hello,
I've got a dovecot setup using PAM and real system users. In this setup
I also use pure-ftpd to give local users ftp access to their $HOMEs.
To have pure-ftpd chroot into the user home i replaced /home/user
with /home/user/./ in /etc/passwd. Unfortunately this breaks Dovecot
this way:
Oct 23 18:18:20 localhost dovecot: Invalid chroot directory
'/home/foo' (user foo) (see valid_chroot_dirs in config file)
and dovecot.conf says
':' separated list of directories under which chrooting is allowed for
mail
processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar
too).
This setting doesn't affect login_chroot or auth_chroot variables.
WARNING: Never add directories here which local users can modify, that
may lead to root exploit. Usually this should be done only if you
don't
allow shell access for users. See doc/configuration.txt for more
information.
#valid_chroot_dirs =
Now if I set
valid_chroot_dirs = /home
everything works, but the WARNING pretty much scares me since user foo
HAS shell access. Is this safe? Is there a way to avoid this? Why I
can't chroot to /home/foo/./ if I can to /home/foo ?
I'm on 1.0rc10
thanks

[Dovecot] valid_chroot_dirs question

Luca Corti

':' separated list of directories under which chrooting is allowed for

processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar

This setting doesn't affect login_chroot or auth_chroot variables.

WARNING: Never add directories here which local users can modify, that

may lead to root exploit. Usually this should be done only if you

allow shell access for users. See doc/configuration.txt for more