How do I limit vsftpd users to only their home directory, so that a user cannot go outside it and browse other directories?
If you do not wish FTP users to be able to access any files outside of their own home directory, set up a chroot jail.
Consider the following example:
- FTP username: user1
- FTP home directory: /home/user1
Normally, a user can change to the /etc directory (and possibly to all other directories), and if sensitive files there are readable, the user can download them via FTP.
To avoid this security problem, you can lock the FTP user in a jail.
Open the vsftpd configuration file, /etc/vsftpd/vsftpd.conf.
Make sure the following line exists (and is uncommented):
Code:
chroot_local_user=YES
Save and close the file. Restart vsftpd.
Code:
service vsftpd restart
Now all vsftpd/FTP users will be limited to accessing only files in their own home directory. They will not be able to see /, /etc, /root, /tmp or any other directory.
This is an essential security feature.
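To confirm the setting is really in effect, the following added example (not part of the original page) reports how a vsftpd.conf treats local users. The function names and sample configs are constructed for illustration; it also reads vsftpd's `chroot_list_enable` option, which is not mentioned above but inverts the meaning of `chroot_local_user=YES` into "everyone except the listed users". It assumes the last uncommented occurrence of an option wins.

```sh
#!/bin/sh
# Added example: report whether a vsftpd.conf jails local users.

# Print the effective value of option $2 in file $1, or the default $3
# when the option is absent. vsftpd.conf allows no spaces around "=",
# so only exact "option=value" lines match; "#option=value" does not.
# Assumption: the last uncommented occurrence wins.
conf_get() {
    awk -F= -v k="$2" -v d="$3" '
        $1 == k { v = toupper($2) }
        END     { print (v == "" ? d : v) }' "$1"
}

# Echo one of: jailed-all, jailed-except-list, jailed-list-only, not-jailed.
# Returns 0 only when every local user is chrooted to the home directory.
# Any value other than YES is treated as "not enabled" (conservative).
chroot_status() {
    local_user=$(conf_get "$1" chroot_local_user NO)
    list_enable=$(conf_get "$1" chroot_list_enable NO)
    if [ "$local_user" = YES ] && [ "$list_enable" = YES ]; then
        # The list now names users who are NOT jailed.
        echo jailed-except-list; return 1
    elif [ "$local_user" = YES ]; then
        echo jailed-all; return 0
    elif [ "$list_enable" = YES ]; then
        # Only users named in the list are jailed.
        echo jailed-list-only; return 1
    fi
    echo not-jailed; return 1
}

# Constructed sample configs (not taken from a real server).
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'local_enable=YES' '#chroot_local_user=YES' > "$tmp/commented.conf"
    printf '%s\n' 'local_enable=YES' 'chroot_local_user=YES'  > "$tmp/jailed.conf"
    printf '%s\n' 'chroot_local_user=YES' 'chroot_list_enable=YES' > "$tmp/inverted.conf"
    for f in commented jailed inverted; do
        printf '%s: %s\n' "$f" "$(chroot_status "$tmp/$f.conf")"
    done
    rm -rf "$tmp"
}
demo
```

Since vsftpd 2.3.5, a login is refused when the chroot directory (here the user's home) is writable by that user, so check home directory permissions after enabling the setting.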