Mohammedz.com

For Linux and Shell scripting.

VSFTP chroot or jail users – How to Limit Users to Only Their Home Directory?



Normal users can change to the /etc directory (and possibly to all other directories), and if sensitive files there are readable by the user, the user can download them via FTP.

If you do not wish FTP users to be able to access any files outside of their own home directory, set up a chroot jail.

Open the vsftpd configuration file, /etc/vsftpd/vsftpd.conf, with the command:

# vi /etc/vsftpd/vsftpd.conf

Make sure the following line exists (and is un-commented):

chroot_local_user=YES

Save and close the file. Restart vsftpd:

# /etc/init.d/vsftpd restart

Now all users of VSFTPD/FTP will be limited to accessing only files in their own home directory. They will not be able to see /, /etc, /root, /tmp or any other directories. This is an essential security feature.
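To confirm the edit took effect, the following added example (not part of the original post) reads a vsftpd.conf and reports whether chroot_local_user is really active rather than still commented out. The function names are hypothetical, the sample configs are constructed, and it assumes that the last occurrence of a setting wins; chroot_list_enable is a vsftpd option the post does not mention, checked here because it exempts listed users from the jail.

```shell
#!/bin/sh
# Added example (not from the original post): check a vsftpd.conf for the jail setting.

# Print the effective value of option $2 in config file $1 (empty if unset).
# Commented-out lines are skipped. Assumption: the last occurrence wins.
vsftpd_opt() {
    awk -F= -v key="$2" '
        /^[ \t]*#/ { next }    # a commented-out setting does not count
        $1 == key  { v = $2; sub(/[ \t\r]+$/, "", v); val = v }
        END        { print val }
    ' "$1"
}

# Return 0 if the config jails local users by default, 1 otherwise.
check_chroot() {
    jail=$(vsftpd_opt "$1" chroot_local_user)
    list=$(vsftpd_opt "$1" chroot_list_enable)
    if [ "$jail" != "YES" ]; then
        echo "FAIL: chroot_local_user is '${jail:-unset}', local users are not jailed"
        return 1
    fi
    # With chroot_local_user=YES, chroot_list_enable=YES turns the chroot list
    # file into a list of users who are exempt from the jail.
    if [ "$list" = "YES" ]; then
        echo "WARN: chroot_list_enable=YES, users in the chroot list file are not jailed"
    fi
    echo "OK: chroot_local_user=YES"
}

# Constructed sample configs: one with the line still commented, one corrected.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'local_enable=YES' '#chroot_local_user=YES' > "$tmp/weak.conf"
    printf '%s\n' 'local_enable=YES' 'chroot_local_user=YES'  > "$tmp/fixed.conf"
    check_chroot "$tmp/weak.conf" || true
    check_chroot "$tmp/fixed.conf"
    rm -rf "$tmp"
}

# With a path argument, check that file; with none, run the demo.
if [ -n "${1:-}" ]; then check_chroot "$1"; else demo; fi
```

Run it with /etc/vsftpd/vsftpd.conf as the argument after editing and before restarting vsftpd.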


6 thoughts on “VSFTP chroot or jail users – How to Limit Users to Only Their Home Directory?”

  1. It didn’t work. I am able to see other directories, but can’t list them.

  2. Veril,

    I guess you can see *other* users’ directories, but can’t list items in them. If I am correct, that is what this article is meant for! This article is meant for “how to limit users to only their home directory”. So, you shouldn’t be able to list *other* directories.

    Correct me if I got you wrong.

    Thanks,
    Mohammed.

  3. This option is not a chroot option, this is only an option of vsftpd; the environment is the / directory.

  4. Working with vsftp and also need to lock down people to jail users.

    However, I have a big problem doing so.

    1. Because I need a big disk for data, I have mounted users in fstab to another hard drive, so users are now in /media/usb0/home.

    2. I tried to use chroot_local_user=YES

    4. A user trying to log in can’t get to home; when trying to connect, they get a reply that /media/usb0/home is not accessible.

    Am I trying to fix the problem the wrong way?

    I didn’t find a command to get vsftp to start in some directory and let users stay there.

  5. Hello webmaster
    I would like to share with you a link to your site
    write me here preonrelt@mail.ru

  6. In addition to being old and archaic, vi is non-intuitive for those who’ve not had to use it in the past. You may want to include a short tutorial in modes and why : and ! are used, or just recommend an editor instead.
