crazy-max / docker-pure-ftpd

Pure-FTPd Docker image based on Alpine Linux with MySQL, PostgreSQL and LDAP support
MIT License

ChrootEveryone does not seem to work #54

Open PreciousRoy0 opened 1 year ago

PreciousRoy0 commented 1 year ago

Behaviour

When logging in I have full access to the system files, even though in /etc/pure-ftpd.conf ChrootEveryone is set to yes.

I was trying stuff out; if I delete everything in /etc/pure-ftpd.conf the server still starts fine. Is this file being used?

Steps to reproduce this issue

  1. Download the example https://github.com/crazy-max/docker-pure-ftpd/tree/master/examples/mariadb
  2. Create an account: docker-compose exec db mysql -u pureftpd -p'asupersecretpassword' -e "INSERT INTO users (User,Password,Uid,Gid,Dir) VALUES ('foo',ENCRYPT('test'),'1003','1005','/home/foo');" pureftpd
  3. Log in with an FTP client, in my case WinSCP

Expected behaviour

Well, I should not be able to see the system files.

Actual behaviour

I can see everything and navigate and download.

Configuration

Docker info

Client:
 Context:    default
 Debug Mode: false
 Plugins:
  buildx: Docker Buildx (Docker Inc., v0.10.4)
  compose: Docker Compose (Docker Inc., v2.17.2)
  dev: Docker Dev Environments (Docker Inc., v0.1.0)
  extension: Manages Docker extensions (Docker Inc., v0.2.19)
  init: Creates Docker-related starter files for your project (Docker Inc., v0.1.0-beta.2)
  sbom: View the packaged-based Software Bill Of Materials (SBOM) for an image (Anchore Inc., 0.6.0)
  scan: Docker Scan (Docker Inc., v0.25.0)
  scout: Command line tool for Docker Scout (Docker Inc., v0.9.0)

Server:
 Containers: 4
  Running: 4
  Paused: 0
  Stopped: 0
 Images: 5
 Server Version: 20.10.24
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
  userxattr: false
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Cgroup Version: 2
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: io.containerd.runc.v2 io.containerd.runtime.v1.linux runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: 2456e983eb9e37e47538f59ea18f2043c9a73640
 runc version: v1.1.4-0-g5fd4c4d
 init version: de40ad0
 Security Options:
  seccomp
   Profile: default
  cgroupns
 Kernel Version: 5.15.90.1-microsoft-standard-WSL2
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 32
 Total Memory: 15.57GiB
 Name: docker-desktop
 ID: R23H:JWFG:UAWE:IGO5:KG2E:KKN5:F4UA:P677:OU4Y:SX47:BGKE:F2XV
 Docker Root Dir: /var/lib/docker
 Debug Mode: false
 HTTP Proxy: http.docker.internal:3128
 HTTPS Proxy: http.docker.internal:3128
 No Proxy: hubproxy.docker.internal
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  hubproxy.docker.internal:5555
  127.0.0.0/8
 Live Restore Enabled: false

Logs

2023-04-08 17:03:18 [s6-init] making user provided files available at /var/run/s6/etc...exited 0.
2023-04-08 17:03:18 [s6-init] ensuring user provided files have correct perms...exited 0.
2023-04-08 17:03:18 [fix-attrs.d] applying ownership & permissions fixes...
2023-04-08 17:03:18 [fix-attrs.d] done.
2023-04-08 17:03:18 [cont-init.d] executing container initialization scripts...
2023-04-08 17:03:18 [cont-init.d] 01-config.sh: executing...
2023-04-08 17:03:18 Setting timezone to Europe/Paris...
2023-04-08 17:03:18 Use MySQL authentication method
2023-04-08 17:03:18 Waiting 45s for MySQL database to be ready...
2023-04-08 17:03:32 MySQL database ready!
2023-04-08 17:03:32 Flags
2023-04-08 17:03:32 Secure: --maxclientsnumber 5 --maxclientsperip 5 --antiwarez --customerproof --dontresolve --norename --prohibitdotfilesread --prohibitdotfileswrite
2023-04-08 17:03:32 Additional:
2023-04-08 17:03:32 All: --bind 0.0.0.0,2100 --ipv4only --passiveportrange 30000:30009 --noanonymous --createhomedir --nochmod --syslogfacility ftp --forcepassiveip 83.83.84.207 --maxclientsnumber 5 --maxclientsperip 5 --antiwarez --customerproof --dontresolve --norename --prohibitdotfilesread --prohibitdotfileswrite --login mysql:/data/pureftpd-mysql.conf
2023-04-08 17:03:32 [cont-init.d] 01-config.sh: exited 0.
2023-04-08 17:03:32 [cont-init.d] 02-service.sh: executing...
2023-04-08 17:03:32 [cont-init.d] 02-service.sh: exited 0.
2023-04-08 17:03:32 [cont-init.d] 03-uploadscript.sh: executing...
2023-04-08 17:03:33 [cont-init.d] 03-uploadscript.sh: exited 0.
2023-04-08 17:03:33 [cont-init.d] ~-socklog: executing...
2023-04-08 17:03:33 [cont-init.d] ~-socklog: exited 0.
2023-04-08 17:03:33 [cont-init.d] done.
2023-04-08 17:03:33 [services.d] starting services
2023-04-08 17:03:33 [services.d] done.
2023-04-08 17:03:37 ftp.info: Apr 8 15:03:37 pure-ftpd: (?@172.26.0.1) [INFO] New connection from 172.26.0.1
2023-04-08 17:03:43 ftp.warn: Apr 8 15:03:43 pure-ftpd: (?@172.26.0.1) [WARNING] Authentication failed for user [banana]
2023-04-08 17:03:43 ftp.info: Apr 8 15:03:43 pure-ftpd: (?@172.26.0.1) [INFO] Logout.
2023-04-08 17:04:13 ftp.info: Apr 8 15:04:13 pure-ftpd: (?@172.26.0.1) [INFO] New connection from 172.26.0.1
2023-04-08 17:04:15 ftp.info: Apr 8 15:04:15 pure-ftpd: (?@172.26.0.1) [INFO] foo is now logged in

5kr1p7 commented 1 month ago
  1. Add flag to startup: echo "--chrooteveryone" >> data/pureftpd.flags
  2. Apply changes: docker compose up -d or docker compose restart
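The two steps above, as an added example that is not part of this issue thread or of the docker-pure-ftpd project: a small POSIX shell script that appends --chrooteveryone to data/pureftpd.flags only if it is not already there, then checks the "All:" flags line that 01-config.sh prints at container startup (the same line visible in the issue's log) to confirm the flag actually reached pure-ftpd. The names FLAGS_FILE, ensure_flag, log_has_flag and SAMPLE_LOG_BEFORE are chosen here and are hypothetical; the sample log line is constructed from the issue's output. The check matters because, as the reporter found, editing /etc/pure-ftpd.conf changes nothing in this image, so the startup "All:" line is the only place to confirm the chroot flag is in effect.

```shell
#!/bin/sh
# Added example, not part of the issue thread or of the docker-pure-ftpd project.
# Applies the fix from the comment above (add --chrooteveryone to
# data/pureftpd.flags) idempotently, then checks the "All:" flags line that
# 01-config.sh prints at startup to confirm the flag reached pure-ftpd.
# FLAGS_FILE, ensure_flag, log_has_flag and SAMPLE_LOG_BEFORE are hypothetical names.

FLAGS_FILE="${FLAGS_FILE:-data/pureftpd.flags}"

# ensure_flag FILE FLAG: append FLAG on its own line unless it is already present,
# so running the script twice does not duplicate the flag.
ensure_flag() {
  file="$1"
  flag="$2"
  mkdir -p "$(dirname "$file")"
  [ -f "$file" ] || : > "$file"
  if grep -qxF -- "$flag" "$file"; then
    return 0
  fi
  printf '%s\n' "$flag" >> "$file"
}

# log_has_flag LOGTEXT FLAG: succeed only if the "All:" line of the container's
# startup log lists FLAG as a whole word (a prefix such as --chrooteveryonex must not match).
log_has_flag() {
  line=$(printf '%s\n' "$1" | grep -F ' All: ') || return 1
  for word in $line; do
    [ "$word" = "$2" ] && return 0
  done
  return 1
}

# Constructed sample: a shortened "All:" line in the shape of the issue's log, before the fix.
SAMPLE_LOG_BEFORE='2023-04-08 17:03:32 All: --bind 0.0.0.0,2100 --ipv4only --noanonymous --login mysql:/data/pureftpd-mysql.conf'

# Apply the fix and show the verification step. After "docker compose restart",
# feed the real output of "docker compose logs" to log_has_flag instead of the sample.
main() {
  ensure_flag "$FLAGS_FILE" "--chrooteveryone"
  echo "flags now in $FLAGS_FILE:"
  cat "$FLAGS_FILE"
  if log_has_flag "$SAMPLE_LOG_BEFORE" "--chrooteveryone"; then
    echo "chroot flag is in the startup flags"
  else
    echo "chroot flag NOT in the startup flags: restart the container and re-check the log"
  fi
}

# Run with "sh script.sh apply" so that sourcing the file for checks has no side effects.
if [ "${1:-}" = "apply" ]; then
  main
fi
```

Run it from the directory that holds the compose file so data/pureftpd.flags is the file the container mounts, then restart with docker compose restart and confirm the new "All:" line in docker compose logs contains --chrooteveryone before testing the login again.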