Hello
I am trying to configure WU-FTPD on Solaris 10 to do the following:
Using the -r parameter to in.ftpd, I am running the FTP daemon within a CHROOT jail (/export/ftp). The FTP service is also being controlled by SMF. This seems to work fine.
However, one of the requirements I have is to run the FTP daemon as a non-root user (in case someone hacks the daemon, gets root and breaks out of the chroot jail). I configured our FTP SMF manifest file by changing the following lines:
<method_context><method_credential user='root' group='root' />
</method_context>
to be the following
<method_context><method_credential user='ftpdmon' group='ftpdmon' />
</method_context>
where ftpdmon is the user that will be running the FTP daemon.
The problem I am having is that when the FTP daemon is started by SMF, the following error is seen:
'Cannot chroot to initial directory, aborting'
A truss output gives the following
20534: chroot("/export/ftp") Err#1 EPERM [proc_chroot]
Is what I am trying to do impossible - i.e. allow a non-root user to run the FTP daemon within a CHROOT jail? Does the -r argument to in.ftpd only apply if you are a root user? Is this something to do with SMF?
Thanks in advance for any help that people can give,
Thanks
Kind regards
Dave