ftp server, securing ftp, unclear instructions

Bug #1224769 reported by Trevor Rose
This bug affects 1 person
Affects: Ubuntu Server Guide
Status: New
Importance: Undecided
Assigned to: Unassigned

Bug Description

In the section:

 - https://help.ubuntu.com/13.04/serverguide/ftp-server.html#vsftpd-security

The guide states that the edit of /etc/vsftpd.conf to say:
 - chroot_local_user=YES
will restrict all users to their home directory; it then goes on to state that the edit:
 - chroot_list_enable=YES
 - chroot_list_file=/etc/vsftpd.chroot_list
(and the subsequent creation of that list file), will restrict only those users listed to their home directories.

However, what is unclear, is whether this latter set of edits overrides the former edit, meaning that anyone not in that list (in the case that both edits are performed) will no longer be restricted to their home directory, even if the former edit was done also ... and also does not make clear whether we are expected to do only one or the other, or both.

What is also unclear, from the previous 2 sections on that same page (but still relating to this section):
 - https://help.ubuntu.com/13.04/serverguide/ftp-server.html#vsftpd-anonymous-configuration ... and ...
 - https://help.ubuntu.com/13.04/serverguide/ftp-server.html#vsftpd-userauth-configuration
... is whether (in order to allow people to start by default in their home directories, and restrict some or all users to their home directories) we must ALSO change the line:
 - sudo usermod -d /home/username/folder ftp
in order to get the ftp to start them automatically in their home directory (since we are told in that section that it will not happen otherwise) ... yet this is contradicted in the next section where it says that if we edit the line:
 - write_enable=YES
that we will now get the following result:
 - "Now when system users login to FTP they will start in their home directories where they can download, upload, create directories, etc."

... so what is unclear on this whole page, is the interaction between each section of instructions ... there is no reference of any kind made from one section of the page to any other, so we the readers have no idea whatsoever whether one command or edit overrides another, or whether it is still required in addition to the others that were mentioned ...

The misleading thing about the statement that editing "write_enable=YES", is that it seems to be saying that this is the only thing required, and yet the preceding section seemed to be suggesting that the ONLY way to start in anything other than the default location, is to run the "usermod" command followed by your alternative default start folder for ftp.

I think things like this are quite common throughout Linux documentation of all kinds, because people are not very diligent in checking for ambiguity, and struggle to see how a newbie might be easily confused ... and yet it is realistically only a tiny bit of additional effort to be more careful in writing any instructions ... and so perhaps this advisory could be discussed as a topic elsewhere in the forums if it can put this at the top of people's minds when writing documentation ... to be absolutely clear about whether an instruction is to be followed after another, instead of it, additionally to it, and if it is variable (and if so under what conditions) ... and that will save everyone immense amounts of time explaining things to people over & over again, because the instructions are almost always unclear to a newbie (I am constantly writing notes for myself to make up for the inadequacies of documentation).
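
The two chroot settings named in the report interact as documented in vsftpd.conf(5): with chroot_local_user=NO an enabled chroot list names the users who are jailed, and with chroot_local_user=YES the same list names the users who are not jailed. The following is an added example, not part of the bug report or the Ubuntu Server Guide; the function names, the sample configuration and the user names (alice, bob) are constructed for illustration.

```python
# Added example: evaluate vsftpd chroot settings per the vsftpd.conf(5) semantics.
# Function names and sample data are hypothetical, not from the guide or vsftpd.

def parse_vsftpd_conf(text):
    """Return {option: value} from vsftpd.conf text; '#' lines are comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)  # vsftpd allows no spaces around '='
        opts[key] = value
    return opts


def is_yes(opts, key):
    # Both chroot options default to NO when absent from the file.
    return opts.get(key, "NO").upper() == "YES"


def chroot_status(conf_text, list_text, users):
    """Map each local user to True (jailed in home directory) or False."""
    opts = parse_vsftpd_conf(conf_text)
    jail_all = is_yes(opts, "chroot_local_user")
    listed = set()
    if is_yes(opts, "chroot_list_enable"):
        # Contents of the file named by chroot_list_file, one user per line.
        listed = {u.strip() for u in list_text.splitlines() if u.strip()}
    # chroot_local_user=NO : the list names users who ARE jailed.
    # chroot_local_user=YES: the list names users who are NOT jailed.
    return {u: (u not in listed) if jail_all else (u in listed) for u in users}


# Constructed sample: both edits from the guide applied together.
BOTH_EDITS = """\
# constructed sample /etc/vsftpd.conf
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
"""
LIST_ONLY = "chroot_list_enable=YES\nchroot_list_file=/etc/vsftpd.chroot_list\n"
CHROOT_LIST = "alice\n"  # constructed contents of /etc/vsftpd.chroot_list

if __name__ == "__main__":
    for name, conf in (("both edits", BOTH_EDITS), ("list only", LIST_ONLY)):
        print(name, chroot_status(conf, CHROOT_LIST, ["alice", "bob"]))
```

With both edits applied, the listed user is the one left unrestricted, so the list file should be reviewed whenever chroot_local_user is changed.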
