
User reported they cannot upload a folder named etc or lib. Found this article, "Permission denied on directory with specific name", that says I need to set RLimitChroot to off in my proftpd.conf file.

When I set this at the end of my proftpd.conf it works. This is global though. In my proftpd.conf I define directories and would like to only disable RLimitChroot for specific ones.

I haven't found any documentation showing I can or how to enable it only for specific directories... Here are the last few lines of my proftpd.conf showing the directories I want to disable it for. My users' home folders are defined as /pub/web/user.

```
<Directory /pub/web/*>
        <Limit DIRS>
                AllowALL
                IgnoreHidden off
        </Limit>
        <Limit STOR WRITE DIRS READ XRMD XMKD>
                AllowALL
        </Limit>
</Directory>

RLimitChroot off
```

Debian 11 Bullseye

ProFTPD Version 1.3.7a

Tony
  • The `RLimitChroot` directive cannot be disabled only for specific directories. Why would you want that capability? – Castaglia Aug 03 '22 at 15:18
  • Thanks for your response. I want to give my users the ability to create etc and lib folders in their home directories because certain web packages have etc and lib folders. I want to restrict it across the rest of the system in order to protect the system as I believe the RLimitChroot was intended. – Tony Aug 03 '22 at 16:28
  • Reading [this SO post](https://unix.stackexchange.com/a/332571/157014) might help explain the issue in more detail. The danger is when users are chrooted, and within that chroot, `etc/`, `lib/` directories are created, which can then be exploited, per the post mentioned. – Castaglia Aug 05 '22 at 00:25
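
Since the directive is global, an admin who turns it off can still keep watch on what appears inside each chroot. The following is an added example, not part of the original thread and not ProFTPD code: a small audit that lists `etc` and `lib` entries directly under each home directory and flags ownership and write permissions. It assumes each directory under the base (for example `/pub/web`) is one user's chroot root and that only top-level entries matter; the sample tree is constructed for the demonstration.

```python
import os
import stat
import tempfile
from pathlib import Path

# Names the question reports as blocked while RLimitChroot is on.
GUARDED = ("etc", "lib")


def audit_chroot_roots(base):
    """List etc/ and lib/ entries sitting directly under each home in base."""
    findings = []
    for home in sorted(Path(base).iterdir()):
        if not home.is_dir():
            continue
        for name in GUARDED:
            entry = home / name
            if not os.path.lexists(entry):
                continue
            st = entry.lstat()  # lstat so a symlink is reported, not followed
            issues = []
            if stat.S_ISLNK(st.st_mode):
                issues.append("symlink")
            elif st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                issues.append("group/world writable")
            if st.st_uid != 0:
                issues.append("not owned by root")
            findings.append({"path": str(entry), "uid": st.st_uid, "issues": issues})
    return findings


def build_sample_tree(root):
    """Constructed sample layout: alice has etc/ and lib/, bob has neither."""
    for rel in ("alice/etc", "alice/lib", "alice/htdocs", "bob/htdocs"):
        (Path(root) / rel).mkdir(parents=True)
    os.chmod(Path(root) / "alice/etc", 0o755)
    os.chmod(Path(root) / "alice/lib", 0o777)
    return root


if __name__ == "__main__":
    # Demo on the constructed tree; pass the real base (assumed /pub/web) in production.
    with tempfile.TemporaryDirectory() as tmp:
        for f in audit_chroot_roots(build_sample_tree(tmp)):
            print(f["path"], f["uid"], ", ".join(f["issues"]) or "ok")
```

Run from cron against the real base directory, the output gives a list of homes where users have created the guarded directories, which can then be reviewed by hand.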
