The Geek Diary

CentOS / RHEL : How to set chroot jail for vsftp for all the users

by admin

Under the default VSFTP configuration, logged-in FTP users can navigate up to the server's top-level directories, which exposes files outside their own home directory. When FTP users should not be able to access anything outside their home directory, the vsftp daemon can chroot each session to enforce that policy.

Set chroot jail to default $HOME directory for all local users

Follow the steps below to jail every local user on the system in their default home directory.

1. In VSFTP Server configuration file /etc/vsftpd/vsftpd.conf, set the below parameter:

# vi /etc/vsftpd/vsftpd.conf
chroot_local_user=YES

Note: Make sure “chroot_list_enable” is not set to “YES”. If chroot_list_enable=YES, you must also set chroot_list_file=/etc/vsftpd/chroot_list in your vsftpd.conf file to tell the daemon where to find the chroot_list file. vsftpd reads that file and places every user listed in it in a chroot jail. Combined with chroot_local_user=YES the meaning is reversed: the listed users are the ones that are not jailed, which is why the option must stay off here.

2. Restart vsftpd service on VSFTP Server:

# service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]

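3. Test by logging in as a local user and creating a directory at the top of the FTP session. With the jail active, pwd reports "/" even though the session is inside the user's home directory.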

# ftp ftphost
Connected to ftphost (192.168.149.10).
220 (vsFTPd 2.0.5)
Name (192.168.149.10:root): testuser
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp> ls
227 Entering Passive Mode (192.168.149.10,72,224)
150 Here comes the directory listing.
226 Directory send OK.
ftp> cd /
250 Directory successfully changed.
ftp> ls
227 Entering Passive Mode (192.168.149.10,135,209)
150 Here comes the directory listing.
226 Directory send OK.
ftp> mkdir chroot_jail_dir
257 "/chroot_jail_dir" created
ftp> ls
227 Entering Passive Mode (192.168.149.10,40,202)
150 Here comes the directory listing.
drwxr-xr-x    2 511      511          4096 Nov 12 11:40 chroot_jail_dir
226 Directory send OK.
ftp>

4. Check the location of the created directory on the VSFTP server. It is created under the home directory (/home/testuser) of the user “testuser”, not under the actual root directory (/).

The directory is not created under /, so this command prints nothing:

# ls / | grep chroot_jail_dir

Instead, it is created under the home directory of the “testuser” user:

# ls /home/testuser/ | grep chroot_jail_dir
chroot_jail_dir
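
The check below is an added example, not part of the original article: a shell function that reads a vsftpd.conf and reports which chroot policy the two options from step 1 produce together. The function names and result labels are hypothetical, and it assumes the last assignment of an option in the file is the one that takes effect.

```sh
#!/bin/sh
# Added example: report the effective chroot policy of a vsftpd.conf.

# Print the last value assigned to option $1 in file $2, or default $3.
# vsftpd.conf lines are "option=value" with no spaces around "=";
# lines starting with "#" are comments and never match.
conf_get() {
    val=$(grep -E "^$1=" "$2" 2>/dev/null | tail -n 1 | cut -d= -f2- | tr -d '\r')
    [ -n "$val" ] && printf '%s\n' "$val" || printf '%s\n' "$3"
}

# Succeed when $1 is a true vsftpd boolean (YES, TRUE or 1, any case).
is_yes() {
    case $(printf '%s' "$1" | tr '[:lower:]' '[:upper:]') in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the policy for the config file $1:
#   JAILED_ALL     every local user is chrooted to $HOME (the goal here)
#   JAILED_EXCEPT  chroot_local_user=YES, but chroot_list_file names exemptions
#   JAILED_LISTED  only the users in chroot_list_file are chrooted
#   NOT_JAILED     no local user is chrooted (both options default to NO)
chroot_policy() {
    local_user=$(conf_get chroot_local_user "$1" NO)
    list_enable=$(conf_get chroot_list_enable "$1" NO)
    if is_yes "$local_user"; then
        if is_yes "$list_enable"; then echo JAILED_EXCEPT; else echo JAILED_ALL; fi
    else
        if is_yes "$list_enable"; then echo JAILED_LISTED; else echo NOT_JAILED; fi
    fi
}

# Stand-alone use: pass the config path, e.g. /etc/vsftpd/vsftpd.conf
if [ -n "${1:-}" ]; then
    chroot_policy "$1"
fi
```

Anything other than JAILED_ALL means at least one local user can still leave their home directory.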