[Dovecot] valid_chroot_dirs question

Luca Corti luca at leenoox.net
Mon Oct 23 17:32:38 UTC 2006


Hello,

I've got a dovecot setup using PAM and real system users. In this setup
I also use pure-ftpd to give local users ftp access to their $HOMEs.
To have pure-ftpd chroot into the user home I replaced /home/user
with /home/user/./ in /etc/passwd. Unfortunately this breaks Dovecot
this way:

Oct 23 18:18:20 localhost dovecot: Invalid chroot directory '/home/foo' (user foo) (see valid_chroot_dirs in config file)

and dovecot.conf says

# ':' separated list of directories under which chrooting is allowed for mail
# processes (ie. /var/mail will allow chrooting to /var/mail/foo/bar too).
# This setting doesn't affect login_chroot or auth_chroot variables.
# WARNING: Never add directories here which local users can modify, that
# may lead to root exploit. Usually this should be done only if you don't
# allow shell access for users. See doc/configuration.txt for more information.
#valid_chroot_dirs =

Now if I set

valid_chroot_dirs = /home

everything works, but the WARNING pretty much scares me since user foo
HAS shell access. Is this safe? Is there a way to avoid this? Why
can't I chroot to /home/foo/./ if I can to /home/foo?

I'm on 1.0rc10

thanks


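An audit sketch for the situation described in the post above, added here as an example and not part of the original message or of Dovecot's code: it lists which accounts carry a `/./` chroot marker in their home field, whether that chroot falls under a `valid_chroot_dirs` entry, and whether the directory is one a local user can modify. The function names, the sample passwd lines, and the whole-path-component prefix match are assumptions made for illustration.

```python
import os
import stat
from pathlib import PurePosixPath

# Constructed sample data, not taken from a real system.
SAMPLE_PASSWD = """\
foo:x:1000:1000::/home/foo/./:/bin/bash
bar:x:1001:1001::/home/bar:/bin/bash
vmail:x:5000:5000::/var/mail/./vmail:/usr/sbin/nologin
"""

def chroot_of(home):
    """Return the part before a '/./' marker, or None if the home has none."""
    marker = home.find("/./")
    if marker < 0:
        return None
    return str(PurePosixPath(home[:marker] or "/"))

def under_valid_dir(path, valid_chroot_dirs):
    """Whole-component prefix match against a ':' separated list (assumed semantics)."""
    parts = PurePosixPath(path).parts
    for entry in filter(None, valid_chroot_dirs.split(":")):
        base = PurePosixPath(entry).parts
        if parts[:len(base)] == base:
            return True
    return False

def user_modifiable(st):
    """True if a non-root owner, or group/other write bits, can change the directory."""
    return st.st_uid != 0 or bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def audit(passwd_text, valid_chroot_dirs, stat_fn=os.stat):
    """Yield (user, chroot_dir, allowed, modifiable) for every '/./' home."""
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) < 7:
            continue
        chroot = chroot_of(fields[5])
        if chroot is None:
            continue
        allowed = under_valid_dir(chroot, valid_chroot_dirs)
        try:
            modifiable = user_modifiable(stat_fn(chroot))
        except OSError:
            modifiable = None  # directory missing on this host
        yield fields[0], chroot, allowed, modifiable

if __name__ == "__main__":
    for row in audit(SAMPLE_PASSWD, "/home"):
        print(row)
```

Rows where both `allowed` and `modifiable` are true are the combinations the WARNING in dovecot.conf is about.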
