Uncle Fedor
Uncle Fedor
@Gunni , thank you so much for taking your time to document this use case! We're about to perform something very similar, planning to run ProFTPD containerized in our OpenShift...
I've just discovered [mod_vroot](https://github.com/Castaglia/proftpd-mod_vroot) :) So, additional question would be, if that could essentially replace CAP_SYS_CHROOT trickery above?
@Gunni Regarding "_Anything else means the users must exist via nss and .. ew_". Not entirely sure what the ".. ew" bit means ;-) but, generally speaking, the user does...
@Gunni Regarding "_in my case proftpd is given the connecting socket from the user by systemd, and has no other network access at all (`PrivateNetwork=true`)._" What is the reason for...
@Gunni > I don't see how that's a problem, sure the directories are owned by the same OS user and a valid UID, but the users get chrooted into their...
Still needs attention, please
Still needs attention, please