1From ce2be5d4967445828d5ae9d9462cfaa78ae03c73 Mon Sep 17 00:00:00 2001
2From: Ming Liu <ming.liu@windriver.com>
3Date: Wed, 18 Sep 2013 09:44:20 +0800
4Subject: [PATCH] vsftpd: change default value of secure_chroot_dir
5
6Upstream-Status: Pending
7
8Change secure_chroot_dir pointing to a volatile directory.
9
10Signed-off-by: Ming Liu <ming.liu@windriver.com>
11
12---
13 INSTALL | 6 +++---
14 tunables.c | 2 +-
15 vsftpd.conf.5 | 2 +-
16 3 files changed, 5 insertions(+), 5 deletions(-)
17
18diff --git a/INSTALL b/INSTALL
19index 4f811aa..427122a 100644
20--- a/INSTALL
21+++ b/INSTALL
22@@ -27,11 +27,11 @@ user in case it does not already exist. e.g.:
23 [root@localhost root]# useradd nobody
24 useradd: user nobody exists
25
26-2b) vsftpd needs the (empty) directory /usr/share/empty in the default
27+2b) vsftpd needs the (empty) directory /var/run/vsftpd/empty in the default
28 configuration. Add this directory in case it does not already exist. e.g.:
29
30-[root@localhost root]# mkdir /usr/share/empty/
31-mkdir: cannot create directory `/usr/share/empty': File exists
32+[root@localhost root]# mkdir /var/run/vsftpd/empty/
33+mkdir: cannot create directory `/var/run/vsftpd/empty': File exists
34
35 2c) For anonymous FTP, you will need the user "ftp" to exist, and have a
36 valid home directory (which is NOT owned or writable by the user "ftp").
37diff --git a/tunables.c b/tunables.c
38index 284a10d..8c63c3f 100644
39--- a/tunables.c
40+++ b/tunables.c
41@@ -254,7 +254,7 @@ tunables_load_defaults()
42 /* -rw------- */
43 tunable_chown_upload_mode = 0600;
44
45- install_str_setting("/usr/share/empty", &tunable_secure_chroot_dir);
46+ install_str_setting("/var/run/vsftpd/empty", &tunable_secure_chroot_dir);
47 install_str_setting("ftp", &tunable_ftp_username);
48 install_str_setting("root", &tunable_chown_username);
49 install_str_setting("/var/log/xferlog", &tunable_xferlog_file);
50diff --git a/vsftpd.conf.5 b/vsftpd.conf.5
51index fcc6022..e4ffdee 100644
52--- a/vsftpd.conf.5
53+++ b/vsftpd.conf.5
54@@ -969,7 +969,7 @@ This option should be the name of a directory which is empty. Also, the
55 directory should not be writable by the ftp user. This directory is used
56 as a secure chroot() jail at times vsftpd does not require filesystem access.
57
58-Default: /usr/share/empty
59+Default: /var/run/vsftpd/empty
60 .TP
61 .B ssl_ciphers
62 This option can be used to select which SSL ciphers vsftpd will allow for
63
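Review bot: The new default `/var/run/vsftpd/empty` set in `tunables_load_defaults()` lives in a location the commit message itself calls volatile, so nothing in this patch guarantees the directory exists after a reboot; whatever recreates it (presumably an init script or a volatile-directory entry elsewhere in the build) is not shown or named here. Since this path is the jail vsftpd chroots into when it needs no filesystem access, it has to come back empty and not writable by the ftp user, as the vsftpd.conf.5 text in this same patch requires, and a creation step that inherits loose ownership or mode from its parent directory would weaken that guarantee. I would add a comment above the changed line, e.g. `/* Volatile path: must be recreated at boot, empty and not writable by the ftp user. */`, and name the component that creates the directory in the commit description. The body of `tunables_load_defaults()` starts and ends outside the hunk.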