关于vsftpd的一个参数

soloforce

从官方手册上摘来：

chroot_local_user
    If set to YES, local users will be (by default) placed in a chroot() jail in their home directory after login. Warning: This option has security implications, especially if the users have upload permission, or shell access. Only enable if you know what you are doing. Note that these security implications are not vsftpd specific. They apply to all FTP daemons which offer to put local users in chroot() jails.

不明白的是红色那句。为什么chroot() jail 对有上传、shell 权限的 本地用户 会有安全问题？
不是说chroot() jail 后更安全吗？

晨想

chroot_list_enable
              If  activated,  you  may  provide  a  list of local users who are placed in a chroot() jail in their home directory upon
              login. [color="Red"]The meaning is slightly different if chroot_local_user is set to YES. In this case, the list becomes  a  list  of
              users   which   are   NOT   to  be  placed  in  a  chroot()  jail.   By  default,  the  file  containing  this  list  is
              /etc/vsftpd.chroot_list, but you may override this with the chroot_list_file setting.

              Default: NO

       chroot_local_user
              If set to YES, local users will be (by default) placed in a chroot() jail in their home directory after login.  Warning:
              This  option  has security implications, especially if the users have upload permission, or shell access. Only enable if
              you know what you are doing.  Note that these security implications are not vsftpd specific. They apply to all FTP  dae-
              mons which offer to put local users in chroot() jails.

              Default: NO

2个一起看，也许会有一点启发。

soloforce

我已经看过了。两个选项一起用的话，肯定容易造成安全问题，所以我只开启了 chroot_local_user。

我原本是以为这个选项本身有潜在隐患。

觉得这是一个配置选项设计缺陷