WebUI chroot option



Hi all,

I just recently came across BTSync and plan on mass deployment. My main concern is that the "Select Folder" option in the WebUI (Linux) lists everything starting in '/'. Could you possibly have the WebUI chrooted to the "dir" location from the conf or introduce "chroot" as an available option? For example, user 'qwerty' would have something along the following set in the conf:

"dir" : "/home/btsync/users/qwerty",

"chroot" : "/home/btsync/users/qwerty",

Then when user "qwerty" logs into the WebUI, and clicks "Add folder", their home/root path would be chrooted to the above value(s) and not '/' on the box. I'm sure others would like to see the same implemented in a multi-user environment.

Detrimental common usage scenario:

The average user will run the btsync daemon under the root account rather than start it under a new/other system user. By doing so, the standard btsync user will be able to add otherwise sensitive file/folder locations to its share via the WebUI - such as shadow hashes, plaintext database configuration files found on the server, etc. This poses a huge security risk for any shared environment, as otherwise imposed system restrictions will be easily circumvented.

I hope you take the chroot option into consideration :)


I also tried the following to set the chroot manually, per se, but for some reason the directory never lists:

- unpack user/.sync/webui.zip

- change:

webui.js:14: var ROOT_PATH = "/";

to:

var ROOT_PATH = "/home/user/btsync";

jqueryFileTree.js:39: if( o.root == undefined ) o.root = '/';

to

if( o.root == undefined ) o.root = '/home/user/btsync';

- repack webui.zip

- chattr +ia webui.zip so that restarting the daemon doesn't reset webui.zip

- restart btsync daemon

The list simply sits blank, didn't see any console errors/related server log entries. My JS understanding is pretty limited :) Ideas anyone?


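The confinement requested in the posts above, sketched as an added example that is not BTSync code and not from any poster: a check of this kind has to run in the process that reads the directories, and it must resolve symlinks and '..' before comparing against the root. The names resolve_in_root, list_folders and demo_root are hypothetical, and the directory layout is constructed for the demonstration.

```python
import os
import tempfile


class OutsideRoot(Exception):
    """The requested path resolves outside the user's root."""


def resolve_in_root(root, requested):
    """Map a picker path such as '/' or '/photos' to a real path under root.

    Symlinks and '..' are resolved before the containment test, so
    neither can be used to step outside the root.
    """
    real_root = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(real_root, requested.lstrip("/")))
    if os.path.commonpath([real_root, candidate]) != real_root:
        raise OutsideRoot(requested)
    return candidate


def list_folders(root, requested="/"):
    """Return the subfolder names a folder picker may show for `requested`."""
    base = resolve_in_root(root, requested)
    names = []
    for entry in sorted(os.listdir(base)):
        try:
            target = resolve_in_root(root, os.path.join(requested, entry))
        except OutsideRoot:
            continue  # e.g. a symlink that points out of the root
        if os.path.isdir(target):
            names.append(entry)
    return names


def demo_root():
    """Build a constructed layout: a per-user root holding an outward symlink."""
    top = tempfile.mkdtemp()
    root = os.path.join(top, "users", "qwerty")  # stands in for the "dir" value
    os.makedirs(os.path.join(root, "photos"))
    os.makedirs(os.path.join(top, "secret"))
    os.symlink(os.path.join(top, "secret"), os.path.join(root, "escape"))
    return root


if __name__ == "__main__":
    root = demo_root()
    print(list_folders(root))
```
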
Have you considered creating a chroot jail yourself and running BTSync within? I haven't tried it, but this may work...

http://ubuntuforums....d.php?t=1156240

I honestly don't think this path should be needed as it simply increases the overhead. Looking over the recent changelog, I saw something similar to this request; however, it didn't work for me. Anyone else have any luck with this issue?
