chroot_local_user=YES
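I have read in many forum posts that this is insecure.
>Why is this insecure?
>If it is insecure because of using ssh to join my VPS, then I could just lock these users out of sshd, right?
>Is there any other option to achieve this behaviour in vsftpd? (I don't want to remove the read permissions for "world" on all the folders/files on my system)
Solution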
Q) Help! What are the security implications referred to in the “chroot_local_user” option?

A) Firstly note that other ftp daemons have the same implications. It is a generic problem. The problem isn’t too severe, but it is this: Some people have FTP user accounts which are not trusted to have full shell access. If these accounts can also upload files, there is a small risk. A bad user now has control of the filesystem root, which is their home directory. The ftp daemon might cause some config file to be read – e.g. /etc/some_file. With chroot(), this file is now under the control of the user. vsftpd is careful in this area. But, the system’s libc might want to open locale config files or other settings…
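
The risk described in the FAQ comes down to who can write to the directory that becomes "/" after chroot(). The following audit is an added example, not code from vsftpd or from the original answer; the function name `audit_chroot`, the `SENSITIVE` path list and the `trusted_uids` parameter are assumptions chosen for illustration.

```python
import os
import stat
import sys
import tempfile

# Paths, relative to the jail root, that a daemon or libc may read after
# chroot(). Illustrative assumption; not a list taken from vsftpd.
SENSITIVE = ("etc", "lib", "lib64", "usr/lib")


def audit_chroot(path, trusted_uids=(0,)):
    """Return findings for a directory that an FTP daemon uses as chroot root."""
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    # A writable root lets the account create etc/, lib/, ... inside the jail.
    if st.st_uid not in trusted_uids and mode & stat.S_IWUSR:
        findings.append("root writable by untrusted owner")
    if mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("root writable by group or other")
    # Entries already present under these names are what a lookup would hit.
    for rel in SENSITIVE:
        full = os.path.join(path, rel)
        if os.path.lexists(full):
            owner = os.lstat(full).st_uid
            if owner not in trusted_uids:
                findings.append(f"{rel} present and owned by uid {owner}")
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        targets = sys.argv[1:]  # e.g. home directories of the FTP accounts
    else:
        demo = tempfile.TemporaryDirectory()  # constructed sample jail
        os.mkdir(os.path.join(demo.name, "etc"))
        targets = [demo.name]
    for home in targets:
        for finding in audit_chroot(home) or ["no findings"]:
            print(f"{home}: {finding}")
```

An account can restore a cleared write bit on a directory it owns, so a jail root owned by root with uploads confined to a writable subdirectory is the stronger layout.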