<!-- $Id: mod_vroot.html,v 1.12 2009/10/19 16:30:18 tj Exp tj $ -->
<!-- $Source: /home/tj/proftpd/modules/doc/RCS/mod_vroot.html,v $ -->
<html>
<head>
<title>ProFTPD module mod_vroot</title>
</head>
<body bgcolor=white>
<hr>
<center>
<h2><b>ProFTPD module <code>mod_vroot</code></b></h2>
</center>
<hr><br>
This module is contained in the <code>mod_vroot.c</code> file for
ProFTPD 1.3.<i>x</i>, and is not compiled by default. Installation
instructions are discussed <a href="#Installation">here</a>.
<p>
The purpose of this module is to implement a virtual chroot capability
that does not require root privileges. The <code>mod_vroot</code> module
provides this capability by using ProFTPD's FS API, available as of 1.2.8rc1.
<p>
The most current version of <code>mod_vroot</code> can be found at:
<pre>
<a href="http://www.castaglia.org/proftpd/">http://www.castaglia.org/proftpd/</a>
</pre>
<h2>Author</h2>
<p>
Please contact TJ Saunders &lt;tj <i>at</i> castaglia.org&gt; with any
questions, concerns, or suggestions regarding this module.
<h2>Thanks</h2>
<p>
<i>2003-08-26</i>: Thanks to Oskar Liljeblad for the elegant patch that added
symlink support.
<h2>Directives</h2>
<ul>
<li><a href="#VRootAlias">VRootAlias</a>
<li><a href="#VRootEngine">VRootEngine</a>
<li><a href="#VRootLog">VRootLog</a>
<li><a href="#VRootOptions">VRootOptions</a>
<li><a href="#VRootServerRoot">VRootServerRoot</a>
</ul>
<hr>
<h2><a name="VRootAlias">VRootAlias</a></h2>
<strong>Syntax:</strong> VRootAlias <em>src-path dst-path</em><br>
<strong>Default:</strong> None<br>
<strong>Context:</strong> server config, <code>&lt;VirtualHost&gt;</code>, <code>&lt;Global&gt;</code><br>
<strong>Module:</strong> mod_vroot<br>
<strong>Compatibility:</strong> 1.3.2 and later
<p>
The <code>VRootAlias</code> directive is used to create an "alias" of a
directory outside of the chroot area into the chroot. The <em>dst-path</em>
parameter is a <b>relative</b> path, relative to the chroot area (<i>i.e.</i>
the directory in which the session starts). The <em>src-path</em> parameter,
on the other hand, is an <b>absolute</b> path, and may point to a file or
directory.
<p>
For example, you might map a shared upload directory into a user's home
directory using:
<pre>
&lt;IfModule mod_vroot.c&gt;
VRootEngine on
DefaultRoot ~
VRootAlias /var/ftp/upload ~/upload
&lt;/IfModule&gt;
</pre>
This will automatically cause an "upload" directory to appear in the
chroot area (in this case, the user's home directory).
<p>
Note that this directive will <b>not</b> work if the
<code>VRootServerRoot</code> directive is used.
<p>
<hr>
<h2><a name="VRootEngine">VRootEngine</a></h2>
<strong>Syntax:</strong> VRootEngine <em>on|off</em><br>
<strong>Default:</strong> None<br>
<strong>Context:</strong> server config, <code>&lt;VirtualHost&gt;</code>, <code>&lt;Global&gt;</code><br>
<strong>Module:</strong> mod_vroot<br>
<strong>Compatibility:</strong> 1.2.8rc1 and later
<p>
The <code>VRootEngine</code> directive enables the virtual chroot engine
implemented by <code>mod_vroot</code>. If enabled, the virtual chroot will
be used in place of the operating system's <code>chroot(2)</code>. This
directive affects any <code>DefaultRoot</code> directives and any
<code>&lt;Anonymous&gt;</code> contexts within the server context in which
the <code>VRootEngine</code> directive appears.
<p>
<hr>
<h2><a name="VRootLog">VRootLog</a></h2>
<strong>Syntax:</strong> VRootLog <em>file</em><br>
<strong>Default:</strong> None<br>
<strong>Context:</strong> server config, <code>&lt;VirtualHost&gt;</code>, <code>&lt;Global&gt;</code><br>
<strong>Module:</strong> mod_vroot<br>
<strong>Compatibility:</strong> 1.3.0rc1 and later
<p>
The <code>VRootLog</code> directive is used to specify a log file for
<code>mod_vroot</code>'s reporting on a per-server basis. The <em>file</em>
parameter given must be the full path to the file to use for logging.
<p>
<hr>
<h2><a name="VRootOptions">VRootOptions</a></h2>
<strong>Syntax:</strong> VRootOptions <em>opt1 ...</em><br>
<strong>Default:</strong> None<br>
<strong>Context:</strong> server config, <code>&lt;VirtualHost&gt;</code>, <code>&lt;Global&gt;</code><br>
<strong>Module:</strong> mod_vroot<br>
<strong>Compatibility:</strong> 1.2.9rc2 and later
<p>
The <code>VRootOptions</code> directive is used to configure optional
behaviors of <code>mod_vroot</code>.
<p>
Example:
<pre>
VRootOptions allowSymlinks
</pre>
<p>
The currently implemented options are:
<ul>
<li><code>allowSymlinks</code><br>
<p>
Normally, any symlinks that point outside of the vroot area simply do
not work. When the <code>allowSymlinks</code> option is enabled, these
symlinks will be allowed. Note that by enabling symlinks, the efficacy
of the vroot "jail" is reduced.
</li>
</ul>
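<p>
Because <code>allowSymlinks</code> lets links that leave the vroot area work, it helps to know which links those are before enabling the option. The following audit script is an added example, not part of <code>mod_vroot</code> or of the original documentation; the function names and the sample directory layout are constructed for illustration.

```python
import os
import tempfile


def escaping_symlinks(vroot):
    """Return sorted (link, resolved_target) pairs for every symlink under
    vroot whose fully resolved target lies outside vroot."""
    root = os.path.realpath(vroot)
    found = []
    # followlinks=False: report links to directories, but never walk into them.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            target = os.path.realpath(path)  # follows chained links too
            # commonpath compares whole path components, so a sibling such
            # as <root>-old is not mistaken for a child of <root>.
            if os.path.commonpath([root, target]) != root:
                found.append((os.path.relpath(path, root), target))
    return sorted(found)


def build_demo_tree():
    """Constructed sample layout (not from the page); returns the vroot path."""
    base = os.path.realpath(tempfile.mkdtemp(prefix="vroot-demo-"))
    vroot = os.path.join(base, "home", "alice")
    os.makedirs(os.path.join(vroot, "docs"))
    os.makedirs(os.path.join(base, "home", "alice-old"))
    os.makedirs(os.path.join(base, "shared", "upload"))
    open(os.path.join(vroot, "notes.txt"), "w").close()
    # Resolves inside the vroot, so it is not reported.
    os.symlink("../notes.txt", os.path.join(vroot, "docs", "notes"))
    # Resolve outside the vroot: these are the links allowSymlinks affects.
    os.symlink("../../shared/upload", os.path.join(vroot, "upload"))
    os.symlink("../alice-old", os.path.join(vroot, "old"))
    # Chained: points at an in-vroot link whose final target is outside.
    os.symlink("../upload", os.path.join(vroot, "docs", "inbox"))
    return vroot


if __name__ == "__main__":
    for link, target in escaping_symlinks(build_demo_tree()):
        print(f"{link} -> {target}")
```

Run it against each user's <code>DefaultRoot</code> directory; every reported link is a path out of the vroot "jail" once <code>allowSymlinks</code> is on.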
<p>
<hr>
<h2><a name="VRootServerRoot">VRootServerRoot</a></h2>
<strong>Syntax:</strong> VRootServerRoot <em>path</em><br>
<strong>Default:</strong> None<br>
<strong>Context:</strong> server config, <code>&lt;VirtualHost&gt;</code>, <code>&lt;Global&gt;</code><br>
<strong>Module:</strong> mod_vroot<br>
<strong>Compatibility:</strong> 1.3.2rc1 and later
<p>
The <code>VRootServerRoot</code> directive is used to configure a directory
to which the <code>mod_vroot</code> module will perform a <i>real</i> chroot.
The idea is that each <code>&lt;VirtualHost&gt;</code> can have its own
directory to which a real <code>chroot(2)</code> system call is made;
the user-specific home directories will be virtual roots underneath this
directory. Thus some measure of security, via the <code>chroot(2)</code>
system call, is provided by the kernel, while still allowing symlinked shared
folders among users of this <code>&lt;VirtualHost&gt;</code>.
<p>
For example:
<pre>
&lt;VirtualHost a.b.c.d&gt;
VRootEngine on
VRootServerRoot /etc/ftpd/a.b.c.d/
VRootOptions allowSymlinks
DefaultRoot ~
...
&lt;/VirtualHost&gt;
</pre>
<p>
See also: <a href="#VRootOptions"><code>VRootOptions</code></a>
<p>
<hr>
<h2><a name="Installation">Installation</a></h2>
After unpacking and patching the latest proftpd-1.3.<i>x</i> source code, copy
the <code>mod_vroot.c</code> file into:
<pre>
<i>proftpd-dir</i>/contrib/
</pre>
Then follow the normal steps for using third-party modules in proftpd:
<pre>
./configure --with-modules=mod_vroot
make
make install
</pre>
<p>
<hr>
Author: <i>$Author: tj $</i><br>
Last Updated: <i>$Date: 2009/10/19 16:30:18 $</i><br>
<hr>
<font size=2><b><i>
© Copyright 2000-2009 TJ Saunders<br>
All Rights Reserved<br>
</i></b></font>
<hr>
</body>
</html>