Re: [gentoo-user] ftpd doesn't show any contents
Gerhard W. Gruber wrote:
> On Fri, 06 Feb 2004 21:12:00 +0100, Arne Vogel <[EMAIL PROTECTED]> wrote:
>> Also, it seems the linker requires these libraries to be referenced via
>> symlinks just as in your ordinary /lib directory. You should be able to
>> just do a "cp -dp /lib/libnss* lib" (from inside the chroot-directory)
>> to make all the NSS libraries available to the chrooted environment.
>> Do *not* use ln, as that kind of defeats the purpose of the chroot
>> environment (an attacker could open the hard-linked library for write
>> access, and thus compromise your global /lib directory). Maybe one day
>> Linux'll support copy-on-write for hard-linked files... :-)
>
> Now it works for anonymous. But I still have the problem of being blind
> when logging in as a normal user. It seems that I have to create this
> entire environment for all users I want to be accessible via ftp. I don't
> really like that, but having anonymous access is sufficient for now. Or is
> there some way to create a universal chroot environment?

Hmm... I don't know. "info ftpd" may help.

> BTW: Doing the libs with ln doesn't work anyway, because when you do a
> chroot, then the root directory is set to the one you specified. So if you
> have this in your normal environment
>
>   /lib/libc.so
>   /home/ftp/lib/libc.so -> /lib/libc.so
>
> it will in truth point to /home/ftp/lib/libc.so as soon as you do the
> chroot.

Symlinks will not work, of course, but hard links would.

--
[EMAIL PROTECTED] mailing list
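Added example (not part of any post in this thread) for the copy-versus-link point discussed in the message above: `jail_copy_libs` populates a jail's lib directory with `cp -dp`, and `jail_audit` flags hard-linked files and absolute symlinks inside the jail. The function names, the temp-directory layout and the fake library files are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example; every path and file below is constructed sample data.

# Copy libraries matching PATTERN from SRC into JAIL/lib as real copies.
# -d keeps symlinks as symlinks, -p keeps mode, owner and timestamps.
jail_copy_libs() {
    src=$1; jail=$2; pattern=$3
    mkdir -p "$jail/lib" || return 1
    # $pattern is left unquoted on purpose so the shell expands the glob.
    cp -dp "$src"/$pattern "$jail/lib/"
}

# Report jail entries that undo the isolation:
#   HARDLINK     regular file with link count > 1; it may share its inode
#                with a file outside the jail, so a write reaches both
#   ABS_SYMLINK  symlink with an absolute target; after chroot the target
#                is resolved against the jail root, not the host root
jail_audit() {
    jail=$1
    find "$jail" -type f -links +1 | sort | sed 's/^/HARDLINK /'
    find "$jail" -type l | sort | while IFS= read -r link; do
        target=$(readlink "$link")
        case $target in
            /*) echo "ABS_SYMLINK $link -> $target" ;;
        esac
    done
}

# Build a constructed "host" lib directory and an empty jail in a temp dir.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/hostlib" "$root/jail"
    echo "fake nss module" > "$root/hostlib/libnss_files-2.3.2.so"
    ln -s libnss_files-2.3.2.so "$root/hostlib/libnss_files.so.2"
    echo "fake libc" > "$root/hostlib/libc.so"
    echo "$root"
}

# Demo: a clean copy, then the two layouts the thread warns about.
demo() {
    root=$(make_sample) || return 1
    jail_copy_libs "$root/hostlib" "$root/jail" 'libnss*'
    ln "$root/hostlib/libc.so" "$root/jail/lib/libc.so"
    ln -s /lib/libc.so "$root/jail/lib/libc.so.link"
    jail_audit "$root/jail"
    rm -rf "$root"
}

if [ "${1:-}" = "demo" ]; then demo; fi
```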
Re: [gentoo-user] ftpd doesn't show any contents
On Fri, 06 Feb 2004 21:12:00 +0100, Arne Vogel <[EMAIL PROTECTED]> wrote:

> Also, it seems the linker requires these libraries to be referenced via
> symlinks just as in your ordinary /lib directory. You should be able to
> just do a "cp -dp /lib/libnss* lib" (from inside the chroot-directory)
> to make all the NSS libraries available to the chrooted environment.
> Do *not* use ln, as that kind of defeats the purpose of the chroot
> environment (an attacker could open the hard-linked library for write
> access, and thus compromise your global /lib directory). Maybe one day
> Linux'll support copy-on-write for hard-linked files... :-)

Now it works for anonymous. But I still have the problem of being blind
when logging in as a normal user. It seems that I have to create this entire
environment for all users I want to be accessible via ftp. I don't really
like that, but having anonymous access is sufficient for now. Or is there
some way to create a universal chroot environment?

BTW: Doing the libs with ln doesn't work anyway, because when you do a
chroot, then the root directory is set to the one you specified. So if you
have this in your normal environment

  /lib/libc.so
  /home/ftp/lib/libc.so -> /lib/libc.so

it will in truth point to /home/ftp/lib/libc.so as soon as you do the
chroot.

Thanks for your help.

--
Gerhard Gruber
Maintainer of SoftICE for Linux - http://pice.sourceforge.net/
Fast application launcher - http://sourceforge.net/projects/launchmenu
Re: [gentoo-user] ftpd doesn't show any contents
On Fri, 06 Feb 2004 12:22:19 -0700, Dan Egli <[EMAIL PROTECTED]> wrote:

> Which FTPD are you using? wu-ftpd? ncftpd? vsftpd? proftpd?

ftpd. The one you get with emerge ftpd.

--
Gerhard Gruber
Maintainer of SoftICE for Linux - http://pice.sourceforge.net/
Fast application launcher - http://sourceforge.net/projects/launchmenu
Re: [gentoo-user] ftpd doesn't show any contents
Gerhard W. Gruber wrote:
> On Fri, 6 Feb 2004 10:44:30 -0800 (PST), "Eric Paynter" <[EMAIL PROTECTED]> wrote:
>> Is that 555 for files and 511 for directories? Try 555 for all, and
>> if that fixes it we can work on getting more restrictive.
>
> I now tried 777 and I still have this problem, but I don't think it is the
> permission. I just tried manually to chroot /home/ftp and I get the error
> message
>
>   chroot: /bin/bash : no such file or directory.

Looks like one or more shared libraries are missing. Use "ldd /bin/bash"
(resp. /bin/ls) to see what bash/ls requires. Additionally, there are some
libraries that are *not* listed by ldd - at least the /lib/libnss* stuff.
The glibc requires them, but bypasses "normal" dynamic linking so ldd
doesn't know about them. Using something like "strace chroot . /bin/bash"
should help figuring out which libraries are still missing.

Also, it seems the linker requires these libraries to be referenced via
symlinks just as in your ordinary /lib directory. You should be able to
just do a "cp -dp /lib/libnss* lib" (from inside the chroot-directory) to
make all the NSS libraries available to the chrooted environment.

Do *not* use ln, as that kind of defeats the purpose of the chroot
environment (an attacker could open the hard-linked library for write
access, and thus compromise your global /lib directory). Maybe one day
Linux'll support copy-on-write for hard-linked files... :-)

(snip)
Re: [gentoo-user] ftpd doesn't show any contents
Gerhard W. Gruber wrote:
| On Fri, 6 Feb 2004 10:44:30 -0800 (PST), "Eric Paynter" <[EMAIL PROTECTED]>
| wrote:
|
|>Is that 555 for files and 511 for directories? Try 555 for all, and
|>if that fixes it we can work on getting more restrictive.
|
| I now tried 777 and I still have this problem, but I don't think it is the
| permission.
| I just tried manually to chroot /home/ftp and I get the error message
| chroot: /bin/bash : no such file or directory.
|
| /bin/bash certainly exists and the /home/ftp directory also exists. I
| think if I can fix this, then ftp will also work because the manpage says it
| uses chroot.
|
| In the passwd file the ftp user has /bin/false as the shell. I changed that
| but to no effect, but I'm not sure if I should change this in the shadow as
| well.
|
| One other thing. The man page says I should copy a statically linked ls to
| /home/ft/bin. I simply copied the /bin/ls command there, but I guess this is
| not statically linked, so this could be the problem because it can not execute
| ls.
| Where can I get a statically linked ls?
|

Which FTPD are you using? wu-ftpd? ncftpd? vsftpd? proftpd?

---
Dan
Re: [gentoo-user] ftpd doesn't show any contents
On Fri, 06 Feb 2004 20:07:13 +0100, Arne Vogel <[EMAIL PROTECTED]> wrote:

> Set all the directories to 555. 511 will give only execute permissions to
> other users (e.g. the user as which ftpd runs), which means they can change
> into those directories, but not list the files in them. This seems to be
> exactly your problem.

No. See my other post I just sent. I already tried with 777 and it still
doesn't help.

--
Gerhard Gruber
Maintainer of SoftICE for Linux - http://pice.sourceforge.net/
Fast application launcher - http://sourceforge.net/projects/launchmenu
Re: [gentoo-user] ftpd doesn't show any contents
On Fri, 6 Feb 2004 10:44:30 -0800 (PST), "Eric Paynter" <[EMAIL PROTECTED]> wrote:

> Is that 555 for files and 511 for directories? Try 555 for all, and
> if that fixes it we can work on getting more restrictive.

I now tried 777 and I still have this problem, but I don't think it is the
permission. I just tried manually to chroot /home/ftp and I get the error
message

  chroot: /bin/bash : no such file or directory.

/bin/bash certainly exists and the /home/ftp directory also exists. I think
if I can fix this, then ftp will also work because the manpage says it uses
chroot.

In the passwd file the ftp user has /bin/false as the shell. I changed that
but to no effect, but I'm not sure if I should change this in the shadow as
well.

One other thing. The man page says I should copy a statically linked ls to
/home/ft/bin. I simply copied the /bin/ls command there, but I guess this is
not statically linked, so this could be the problem because it can not
execute ls. Where can I get a statically linked ls?

--
Gerhard Gruber
Maintainer of SoftICE for Linux - http://pice.sourceforge.net/
Fast application launcher - http://sourceforge.net/projects/launchmenu
Re: [gentoo-user] ftpd doesn't show any contents
Gerhard W. Gruber wrote:
> On Fri, 6 Feb 2004 09:56:04 -0800 (PST), "Eric Paynter" <[EMAIL PROTECTED]> wrote:
>> Check the permissions of the directory. Also, as I discovered recently,
>> some ftp servers won't list files > 2GB, but that's probably not the
>> problem you have here. I'd focus on permissions first.
>
> I set the directories according to the help to 555 and 511.

Set all the directories to 555. 511 will give only execute permissions to
other users (e.g. the user as which ftpd runs), which means they can change
into those directories, but not list the files in them. This seems to be
exactly your problem.
Re: [gentoo-user] ftpd doesn't show any contents
Gerhard W. Gruber said:
> On Fri, 6 Feb 2004 09:56:04 -0800 (PST), "Eric Paynter"
> <[EMAIL PROTECTED]> wrote:
> I set the directories according to the help to 555 and 511.
>

Is that 555 for files and 511 for directories? Try 555 for all, and if
that fixes it we can work on getting more restrictive.

-Eric

--
arctic bears - email and name services
25 email [EMAIL PROTECTED] CA$11.95/month
DNS starting at CA$3.49/month - domains from CA$25.95/year
for details contact [EMAIL PROTECTED] or visit http://www.arcticbears.com
Re: [gentoo-user] ftpd doesn't show any contents
On Fri, 6 Feb 2004 09:56:04 -0800 (PST), "Eric Paynter" <[EMAIL PROTECTED]> wrote:

> Check the permissions of the directory. Also, as I discovered
> recently, some ftp servers won't list files > 2GB, but that's
> probably not the problem you have here. I'd focus on permissions
> first.

I set the directories according to the help to 555 and 511.

--
Gerhard Gruber
Maintainer of SoftICE for Linux - http://pice.sourceforge.net/
Fast application launcher - http://sourceforge.net/projects/launchmenu
Re: [gentoo-user] ftpd doesn't show any contents
Gerhard W. Gruber said:
> When I log in to it, I don't see any files or directories. I can
> cd to a directory because I know the name, and this works, but I
> also want to see the names.

Check the permissions of the directory. Also, as I discovered recently,
some ftp servers won't list files > 2GB, but that's probably not the
problem you have here. I'd focus on permissions first.

-Eric

--
arctic bears - email and name services
25 email [EMAIL PROTECTED] CA$11.95/month
DNS starting at CA$3.49/month - domains from CA$25.95/year
for details contact [EMAIL PROTECTED] or visit http://www.arcticbears.com