The Geek Diary

Configure VSFTPD Chroot Environment in CentOS and RHEL

by admin

vsftpd, which stands for ‘Very Secure FTP Daemon’, is an FTP server for Unix-like systems, including Linux. When vsftpd is first configured, all FTP users can move from their home folders into other users’ directories. In this article we will change the vsftpd server configuration so that users are limited to their home directory only. This is achieved by setting up a vsftpd chroot, or jail-like, environment.

As shown in the example below, jack is an FTP user who can change to other directories.

[Screenshot: ftp command line]

Follow the steps below to configure a chroot or jail-like environment in vsftpd:

Step 1: Edit the config file ‘/etc/vsftpd/vsftpd.conf’

[root@localhost ~]# vi /etc/vsftpd/vsftpd.conf
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot(). 
chroot_local_user=YES
chroot_list_enable=YES 
# (default follows) 
chroot_list_file=/etc/vsftpd/chroot_list

Save & exit.

Important Notes
1. If you uncomment only the line ‘chroot_local_user=YES’, all local users are chroot()ed, or jailed, to their home directory.

2. If we want only selected FTP users restricted to their home directory, uncomment the lines ‘chroot_list_enable=YES’ and ‘chroot_list_file=/etc/vsftpd/chroot_list’, then create the file ‘/etc/vsftpd/chroot_list’ and add the users that we want to chroot.

Step 3: Create a file ‘/etc/vsftpd/chroot_list’

[root@localhost ~]# vi /etc/vsftpd/chroot_list
jack

Users listed in this file will be restricted to their home directory.

Step 4: Restart the vsftpd service and enable it at boot using the command below.

[root@localhost ~]# service vsftpd restart ; chkconfig vsftpd on 
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]

Step 5: Now test the configuration

In the case of ‘chroot_local_user=YES’:

[Screenshot: ftp command]

In the case of ‘chroot_list_enable=YES’ and ‘chroot_list_file=/etc/vsftpd/chroot_list’, users listed in the chroot_list file will be restricted and other users are allowed to change directory. In my scenario I have two local users, Jack and Mark, where jack is listed in the chroot_list file.
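The comment in the Step 1 config states that when chroot_local_user is YES, the chroot_list becomes a list of users NOT to chroot(), so the meaning of the list depends on that option. The script below is an added example (not part of the original article) that resolves whether a user ends up jailed; the function names and temp files are constructed for illustration, and /etc/vsftpd.chroot_list is assumed as vsftpd's built-in default for chroot_list_file.

```shell
#!/bin/sh
# Added example: effective chroot status under vsftpd's two chroot options.

# Print the last uncommented value of option $2 in config $1, else default $3.
conf_get() {
    val=$(sed -n "s/^$2=\(.*\)$/\1/p" "$1" | tail -n 1 | tr -d '[:space:]')
    printf '%s\n' "${val:-$3}"
}

# Normalise a boolean option to YES or NO (anything but YES counts as NO here).
conf_bool() {
    case "$(conf_get "$1" "$2" NO | tr 'a-z' 'A-Z')" in
        YES) echo YES ;;
        *)   echo NO ;;
    esac
}

# Print "jailed" or "not jailed" for local user $2 under vsftpd config $1.
# Optional $3 overrides chroot_list_file (used by the constructed demo below).
chroot_status() {
    all=$(conf_bool "$1" chroot_local_user)
    list_on=$(conf_bool "$1" chroot_list_enable)
    list_file=${3:-$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)}
    listed=NO
    if [ "$list_on" = YES ] && [ -r "$list_file" ] &&
       grep -qxF -- "$2" "$list_file"; then
        listed=YES
    fi
    # A listed user is the exception to whatever chroot_local_user sets.
    if [ "$all" != "$listed" ]; then echo "jailed"; else echo "not jailed"; fi
}

# Constructed demo: jack is listed (as in Step 3), mark is not.
demo() {
    dir=$(mktemp -d)
    printf 'jack\n' > "$dir/chroot_list"
    printf 'chroot_local_user=YES\nchroot_list_enable=YES\n' > "$dir/both.conf"
    printf '#chroot_local_user=YES\nchroot_list_enable=YES\n' > "$dir/list_only.conf"
    for conf in both list_only; do
        for user in jack mark; do
            status=$(chroot_status "$dir/$conf.conf" "$user" "$dir/chroot_list")
            echo "$conf.conf: $user is $status"
        done
    done
    rm -rf "$dir"
}
demo
```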
