0

I'm trying to have full access to my CentOS8 VPS (ie accessing root directory /) through a mounted cURLFTPFS directory on my local Archlinux system. However no config seems to allow me to mount anything other than the user's home directory (/home/admin).

I've tried all combinations of:

  • Setting the line DefaultRoot / admin in /etc/proftpd.conf
  • Setting the line DefaultChdir / in /etc/proftpd.conf
  • Mounting with curlftpfs vps.example.com mountpoint
  • Mounting with curlftpfs vps.example.com/ mountpoint
  • Mounting with curlftpfs vps.example.com// mountpoint
  • Mounting with curlftpfs vps.example.com:/ mountpoint
  • Mounting with curlftpfs vps.example.com:// mountpoint

Preemptive responses:

  • I'm using ProFTPD
  • The user I'm connecting with is admin
  • Login details are set in .netrc
  • I'm not using a VirtualHost in the proftpd config file.
  • I am not forgetting to systemctl reload proftpd

Any advice would be highly welcomed.

totalolage
  • 27
  • 8
  • You do not have the privilege to write to other folders. You would have to login to machine and change permissions before you can write. – jdweng Jul 28 '20 at 10:50
  • @jdweng Is write access required in order to mount through ftp? Doing `sudo chgrp root:admin /` seems a bad idea. Would adding the `admin` user to the `root` group be a valid/good solution? Edit: I tried adding `admin` to the `root` group, this doesn't work since root has mod 555 (not allowing writes by anyone except root). – totalolage Jul 28 '20 at 11:06
  • Who owns the folder? What login is being used by FTP? The best solution would to change Group and put users who are going to use FTP into the group. – jdweng Jul 28 '20 at 11:13
  • @jdweng It's the filesystem root (`/`), so it's owned by `root`. I tried temporarily enabling `root` login through ftp, I added the same rule `DefaultRoot / root`, then attempted to mount `/`. The exact same thing happens; I'm only limited to the home directory (`/root` in this case). – totalolage Jul 28 '20 at 11:30
  • Is folder for root set to read only? Try FTP from cmd.exe >FTP and see if same thing happens? Also try CD to see if you can get into the folder. – jdweng Jul 28 '20 at 11:54
  • @jdweng Thank you for your help, it was a stupid oversight in the end, as is to be expected. I've put the answer below. – totalolage Jul 28 '20 at 17:00

1 Answers1

0

I have found the problem and it's as dumb as can reasonably be expected.

By default, ProFTPD locks all users to home directories except for the adm group. This overrides all other access controls.

All I had to do was change the line DefaultRoot ~ !adm (which his hidden amongst lines of comments in /etc/proftpd.conf) to DefaultRoot ~ !adm,!admin.

totalolage
  • 27
  • 8