chroot_local_user=YES
我在很多论坛帖子中都读过,这是不安全的.
>为什么这不安全?
>如果因为使用ssh加入我的VPS而不安全,那么我可以从sshd锁定这些用户,对吧?
>是否还有其他选择来实现vsftpd的这种行为? (我不想删除我系统上“world”的所有文件夹/文件的读取权限)
解决方法
Q) Help! What are the security implications referred to in the
“chroot_local_user” option?A) Firstly note that other ftp daemons have the same implications. It is a generic problem. The problem isn’t too severe,but it is this: Some people have FTP user accounts which are not trusted to have full shell access. If these accounts can also upload files,there is a small risk. A bad user Now has control of the filesystem root,which is their home directory. The ftp daemon might cause some config file to be read – e.g. /etc/some_file. With chroot(),this file is Now under the control of the user. vsftpd is careful in this area. But,the system’s libc might want to open locale config files or other settings…
原文地址:https://www.jb51.cc/linux/402264.html
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。