[gollem] gollem jail dir

cjdl01 cjdl01 at brokensolstice.com
Sat Nov 26 22:21:36 UTC 2011


Quoting cjdl01 <cjdl01 at brokensolstice.com>:

> Hello again.
>
> I am trying to set up my gollem using the ftp backend.  It works  
> great with 2.0.1.  I'm using vsftp for my ftp server.
>
> However, I want to set it up so that each user has a subdirectory  
> under their $HOME.  I want them to be essentially chrooted to that  
> dir -- so they cannot go anywhere above that directory and start  
> deleting things they will regret (like their MailDir folder, or  
> .procmailrc).
>
> I successfully set this up in vsftp.  When I would use a command  
> line ftp, i chrooted my to my ~/gollem directory just as I want it.   
> Unfortunately, gollem didn't like that setup.  Logins kept failing  
> with a message:  "Home directory not below root" (or something very  
> similar).
>
> So I decided to try the other route.  In vsftp I set the root back  
> to the user's home dire ($HOME).  It looked like the "root"  
> directive in backends.php was my ticket, except that no matter what  
> I put in there, it wouldn't work.  Auth would fail with the same  
> "Home directory not below root"
>
> After some searching, the only post I found on this was by me, back  
> in 2006, and I never got a working solution.
>
> I have tried such permutations in the 'root' => directive as:
>
> 'root' => 'gollem',
> 'root' => './gollem',
> 'root' => '~/gollem',
> 'root' => '/gollem',
>
> I even tried to hard code it for my test user:
> 'root' => '/home/testuser/gollem'
> 'root' => '/home/testuser'
>     'home' => './gollem
>
> Even logging in as the testsuer, I still got the same error.
>
> I tried:
> 'root' => '/home/' . Auth::getAuth() . '/gollem' as Michael had  
> suggested in that old post, and that doesn't do any better.
>
> I have spent hours upon hours trying various combinations in the  
> root and home directives, as well as altering my vfstpd.conf file.   
> I cannot come up with anything that works...
>
> Any suggestions?
>
> Thanks.
>
> G

You know what?  I must have missed it between the 1 million logons and  
logoffs... but leaving 'root' and 'home' commented out and setting up  
the jail dir in vsftpd.conf does work!  Which is done by putting this  
in your vsftpd.conf:
local_root=/home/$USER/gollem
user_sub_token=$USER

Well... that made my day! :)




> -- 
> Gollem mailing list
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: gollem-unsubscribe at lists.horde.org




More information about the gollem mailing list