Hello,
I've got a dovecot setup using PAM and real system users. In this setup I also use pure-ftpd to give local users ftp access to their $HOMEs. To have pure-ftpd chroot into the user home i replaced /home/user with /home/user/./ in /etc/passwd. Unfortunately this breaks Dovecot this way:
Oct 23 18:18:20 localhost dovecot: Invalid chroot directory '/home/foo' (user foo) (see valid_chroot_dirs in config file)
and dovecot.conf says
# ':' separated list of directories under which chrooting is allowed for mail # processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too). # This setting doesn't affect login_chroot or auth_chroot variables. # WARNING: Never add directories here which local users can modify, that # may lead to root exploit. Usually this should be done only if you don't # allow shell access for users. See doc/configuration.txt for more information. #valid_chroot_dirs =
Now if I set
valid_chroot_dirs = /home
everything works, but the WARNING pretty much scares me since user foo HAS shell access. Is this safe? Is there a way to avoid this? Why I can't chroot to /home/foo/./ if I can to /home/foo ?
I'm on 1.0rc10
thanks