The Geek Diary

CentOS / RHEL : How to set chroot jail for vsftp for all the users

by admin

Under the default vsftpd configuration, users who log in over FTP can navigate to top-level directories, which might cause security issues. There are situations when you do not want FTP users to be able to access any files outside of their own home directory. The vsftpd daemon can place users in a chroot jail to implement this policy.

Set chroot jail to default $HOME directory for all local users

Follow the steps below to jail all the local users on the system in their default home directories.

1. In the vsftpd server configuration file /etc/vsftpd/vsftpd.conf, set the parameter below:

# vi /etc/vsftpd/vsftpd.conf
chroot_local_user=YES

Note: Make sure “chroot_list_enable” is not set to “YES”. If chroot_list_enable=YES, you must also set the parameter chroot_list_file=/etc/vsftpd/chroot_list in your vsftpd.conf file to tell the daemon where to find the chroot_list file. vsftpd reads that file and, when chroot_local_user is not set to YES, places any user listed in it in a chroot jail. With chroot_local_user=YES, as set in this step, the list has the opposite meaning: the listed users are the ones that are not placed in a chroot jail.

2. Restart the vsftpd service on the vsftpd server:

# service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]

3. Test by logging in as a chrooted user and creating a directory under the chroot directory.

# ftp ftphost
Connected to ftphost (192.168.149.10).
220 (vsFTPd 2.0.5)
Name (192.168.149.10:root): testuser
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/"
ftp> ls
227 Entering Passive Mode (192.168.149.10,72,224)
150 Here comes the directory listing.
226 Directory send OK.
ftp> cd /
250 Directory successfully changed.
ftp> ls
227 Entering Passive Mode (192.168.149.10,135,209)
150 Here comes the directory listing.
226 Directory send OK.
ftp> mkdir chroot_jail_dir
257 "/chroot_jail_dir" created
ftp> ls
227 Entering Passive Mode (192.168.149.10,40,202)
150 Here comes the directory listing.
drwxr-xr-x    2 511      511          4096 Nov 12 11:40 chroot_jail_dir
226 Directory send OK.
ftp>

4. Check the location of the created directory on the vsftpd server. You will see that the directory was created under the home directory (/home/testuser) of the user “testuser” instead of the actual root directory (/).

The directory is not created under /, as shown below:

# ls / | grep chroot_jail_dir

Instead, it is created under the home directory of the “testuser” user.

# ls /home/testuser/ | grep chroot_jail_dir
chroot_jail_dir
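
The check from the note in step 1 can be scripted before restarting the service. The following is an added example, not part of the original article: it reads a vsftpd.conf and reports which chroot policy the three options produce together. The function names and policy strings are hypothetical, and it assumes that a later line in the file overrides an earlier one.

```shell
#!/bin/sh
# Added example: report the effective vsftpd chroot policy of a config file.

# Print the value of the last uncommented "KEY=value" line for KEY ($2) in
# FILE ($1), or DEFAULT ($3) if absent. Assumption: a later line overrides
# an earlier one.
get_opt() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r')
    printf '%s\n' "${v:-$3}"
}

# Boolean options are documented as YES/NO; anything else counts as NO here.
is_yes() {
    case $(printf '%s' "$1" | tr '[:lower:]' '[:upper:]') in
        YES) return 0 ;;
        *)   return 1 ;;
    esac
}

# Print one policy word for the config file given as $1.
vsftpd_chroot_policy() {
    jail_all=$(get_opt "$1" chroot_local_user NO)
    use_list=$(get_opt "$1" chroot_list_enable NO)
    list_file=$(get_opt "$1" chroot_list_file "")
    if is_yes "$use_list" && [ -z "$list_file" ]; then
        # The note in step 1 requires chroot_list_file with the list enabled.
        echo "list-enabled-but-chroot_list_file-unset"
    elif is_yes "$jail_all" && is_yes "$use_list"; then
        # With chroot_local_user=YES the list names users who are NOT jailed.
        echo "all-jailed-except-listed:$list_file"
    elif is_yes "$jail_all"; then
        echo "all-jailed"            # the configuration this article sets up
    elif is_yes "$use_list"; then
        echo "only-listed-jailed:$list_file"
    else
        echo "none-jailed"
    fi
}

# Constructed sample config, not taken from a real server.
demo=$(mktemp)
printf '%s\n' '# sample' 'chroot_local_user=YES' '#chroot_list_enable=YES' > "$demo"
vsftpd_chroot_policy "$demo"
rm -f "$demo"
```

On the server, run `vsftpd_chroot_policy /etc/vsftpd/vsftpd.conf`; any result other than `all-jailed` means the configuration does not match the one described in this article.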