dashizz Posted May 1, 2013 Report Share Posted May 1, 2013 Hi all,I just recently came across BTSync and plan on mass deployment. My main concern is that the "Select Folder" option in the WebUI (Linux) lists everything starting in '/'. Could you possibly have the WebUI chrooted to the "dir" location from the conf or introduce "chroot" as an available option? For example, user 'qwerty' would have something along the following set in the conf:"dir" : "/home/btsync/users/qwerty","chroot" : "/home/btsync/users/qwerty",Then when user "qwerty" logs into the WebUI, and clicks "Add folder", their home/root path would be chrooted to the above value(s) and not '/' on the box. I'm sure others would like to see the same implemented in a multi-user environment.Detrimental common usage scenario:The average user will run the btsync daemon under the root account other than start it under a new/other system user. By doing so, the standard btsync user will be able to add otherwise sensitive file/folder locations to it's share via the WebUI - such as shadow hashes, plaintext database configuration files found on the server, etc. This poses a huge security risk for any shared environment as otherwise imposed system restrictions will be easily circumvented.I hope you take the chroot option into consideration Quote Link to comment Share on other sites More sharing options...
mose Posted May 1, 2013 Report Share Posted May 1, 2013 +1 Quote Link to comment Share on other sites More sharing options...
dashizz Posted May 1, 2013 Author Report Share Posted May 1, 2013 I also tried the following to set the chroot manually per-say but for some reason the directory never lists:- unpack user/.sync/webui.zip- change:webui.js:14: var ROOT_PATH = "/";to:var ROOT_PATH = "/home/user/btsync";jqueryFileTree.js:39: if( o.root == undefined ) o.root = '/';toif( o.root == undefined ) o.root = '/home/user/btsync';- repack webui.zip- chattr +ia webui.zip so that restarting the daemon doesn't reset webui.zip- restart btsync daemonThe list simply sits blank, didn't see any console errors/related server log entries. My JS understanding is pretty limited Ideas anyone? Quote Link to comment Share on other sites More sharing options...
yottabit Posted May 8, 2013 Report Share Posted May 8, 2013 Have you considered creating a chroot jail yourself and running BTSync within? I haven't tried it, but this may work...http://ubuntuforums.org/showthread.php?t=1156240 Quote Link to comment Share on other sites More sharing options...
eseelke Posted May 11, 2013 Report Share Posted May 11, 2013 I agree. This would be a great feature even for those that don't share. This way we can specify on our NAS where the shared folders start. It took me quite awhile to remember where the QNAP stored it's shared folders. Quote Link to comment Share on other sites More sharing options...
dashizz Posted May 12, 2013 Author Report Share Posted May 12, 2013 Have you considered creating a chroot jail yourself and running BTSync within? I haven't tried it, but this may work...http://ubuntuforums....d.php?t=1156240I honestly don't think this path should be needed as it simply increases the overhead. Looking over the recent changelog I saw something similar to this request however it didn't work for me. Anyone else have any luck with this issue? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.