<!-- $Id: mod_vroot.html,v 1.12 2009/10/19 16:30:18 tj Exp tj $ --> <!-- $Source: /home/tj/proftpd/modules/doc/RCS/mod_vroot.html,v $ --> <html> <head> <title>ProFTPD module mod_vroot</title> </head> <body bgcolor=white> <hr> <center> <h2><b>ProFTPD module <code>mod_vroot</code></b></h2> </center> <hr><br> This module is contained in the <code>mod_vroot.c</code> file for ProFTPD 1.3.<i>x</i>, and is not compiled by default. Installation instructions are discussed <a href="#Installation">here</a>. <p> The purpose of this module to is to implement a virtual chroot capability that does not require root privileges. The <code>mod_vroot</code> module provides this capability by using ProFTPD's FS API, available as of 1.2.8rc1. <p> The most current version of <code>mod_vroot</code> can be found at: <pre> <a href="http://www.castaglia.org/proftpd/">http://www.castaglia.org/proftpd/</a> </pre> <h2>Author</h2> <p> Please contact TJ Saunders <tj <i>at</i> castaglia.org> with any questions, concerns, or suggestions regarding this module. <h2>Thanks</h2> <p> <i>2003-08-26</i>: Thanks to Oskar Liljeblad for the elegant patch that added symlink support. <h2>Directives</h2> <ul> <li><a href="#VRootAlias">VRootAlias</a> <li><a href="#VRootEngine">VRootEngine</a> <li><a href="#VRootLog">VRootLog</a> <li><a href="#VRootOptions">VRootOptions</a> <li><a href="#VRootServerRoot">VRootServerRoot</a> </ul> <hr> <h2><a name="VRootAlias">VRootAlias</a></h2> <strong>Syntax:</strong> VRootAlias <em>src-path dst-path</em><br> <strong>Default:</strong> None<br> <strong>Context:</strong> server config, <code><VirtualHost></code>, <code><Global></code><br> <strong>Module:</strong> mod_vroot<br> <strong>Compatibility:</strong> 1.3.2 and later <p> The <code>VRootAlias</code> directive is used to create an "alias" of a directory outside of the chroot area into the chroot. The <em>dst-path</em> parameter is a <b>relative</b> path, relative to the chroot area (<i>i.e.</i> the directory in which the session starts). The <em>src-path</em> parameter, on the other hand, is an <b>absolute</b> path, and may be to a file or directory. <p> For example, you might map a shared upload directory into a user's home directory using: <pre> <IfModule mod_vroot.c> VRootEngine on DefaultRoot ~ VRootAlias /var/ftp/upload ~/upload </IfModule> </pre> This will automatically create an "upload" directory to appear in the chroot area (in this case, the user's home directory). <p> Note that this directive will <b>not</b> work if the <code>VRootServerRoot</code> is used. <p> <hr> <h2><a name="VRootEngine">VRootEngine</a></h2> <strong>Syntax:</strong> VRootEngine <em>on|off</em><br> <strong>Default:</strong> None<br> <strong>Context:</strong> server config, <code><VirtualHost></code>, <code><Global></code><br> <strong>Module:</strong> mod_vroot<br> <strong>Compatibility:</strong> 1.2.8rc1 and later <p> The <code>VRootEngine</code> directive enables the virtual chroot engine implemented by <code>mod_vroot</code>. If enabled, the virtual chroot will be used in place of the operating system's <code>chroot(2)</code>. This directive affects any <code>DefaultRoot</code> directives and any <code><Anonymous></code> contexts within the server context in which the <code>VRootEngine</code> directive appears. <p> <hr> <h2><a name="VRootLog">VRootLog</a></h2> <strong>Syntax:</strong> VRootLog <em>file</em><br> <strong>Default:</strong> None<br> <strong>Context:</strong> server config, <code><VirtualHost></code>, <code><Global></code><br> <strong>Module:</strong> mod_vroot<br> <strong>Compatibility:</strong> 1.3.0rc1 and later <p> The <code>VRootLog</code> directive is used to specify a log file for <code>mod_vroot</code>'s reporting on a per-server basis. The <em>file</em> parameter given must be the full path to the file to use for logging. <p> <hr> <h2><a name="VRootOptions">VRootOptions</a></h2> <strong>Syntax:</strong> VRootOptions <em>opt1 ...</em><br> <strong>Default:</strong> None<br> <strong>Context:</strong> "server config" <code><VirtualHost></code>, <code><Global></code><br> <strong>Module:</strong> mod_vroot<br> <strong>Compatibility:</strong> 1.2.9rc2 and later <p> The <code>VRootOptions</code> directive is used to configure various optional behavior of <code>mod_vroot</code>. <p> Example: <pre> VRootOptions allowSymlinks </pre> <p> The currently implemented options are: <ul> <li><code>allowSymlinks</code><br> <p> Normally, any symlinks that point outside of the vroot area simply do not work. When the <code>allowSymlinks</code> option is enabled, these symlinks will be allowed. Note that by enabling symlinks, the efficacy of the vroot "jail" is reduced. </li> </ul> <p> <hr> <h2><a name="VRootServerRoot">VRootServerRoot</a></h2> <strong>Syntax:</strong> VRootServerRoot <em>path</em><br> <strong>Default:</strong> None<br> <strong>Context:</strong> "server config" <code><VirtualHost></code>, <code><Global></code><br> <strong>Module:</strong> mod_vroot<br> <strong>Compatibility:</strong> 1.3.2rc1 and later <p> The <code>VRootServerRoot</code> directive is used to configure a directory to which the <code>mod_vroot</code> module will perform a <i>real</i> chroot. The idea is that each <code><VirtualHost></code> can have its own directory to which a real <code>chroot(2)</code> system call is made; the user-specific home directories will be virtual roots underneath this directory. Thus some measure of security, via the <code>chroot(2)</code> system call, is provided by the kernel, while still allowing symlinked shared folders among users of this <code><VirtualHost></code>. <p> For example: <pre> <VirtualHost a.b.c.d> VRootEngine on VRootServerRoot /etc/ftpd/a.b.c.d/ VRootOptions allowSymlinks DefaultRoot ~ ... </VirtualHost> </pre> <p> See also: <a href="#VRootOptions"><code>VRootOptions</code></a> <p> <hr> <h2><a name="Installation">Installation</a></h2> After unpacking and patching the latest proftpd-1.3.<i>x</i> source code, copy the <code>mod_vroot.c</code> file into: <pre> <i>proftpd-dir</i>/contrib/ </pre> Then follow the normal steps for using third-party modules in proftpd: <pre> ./configure --with-modules=mod_vroot make make install </pre> <p> <hr> Author: <i>$Author: tj $</i><br> Last Updated: <i>$Date: 2009/10/19 16:30:18 $</i><br> <hr> <font size=2><b><i> © Copyright 2000-2009 TJ Saunders<br> All Rights Reserved<br> </i></b></font> <hr> </body> </html>