Old 03-02-2011, 07:18 PM   #1
Registered: Dec 2009
Location: Los Angeles
Distribution: Fedora ,CentOS, RHEL
Posts: 59

Rep: Reputation: 17
vsftpd chrooting users that have been jailed into /home/jail/home/$username.

System details:

RHEL 4.5

This is an FTP server; all users have been jailed to '/home/jail/home/$username', using Wolfgang Fuschlberger's script:

The users connect via SFTP; however, they are able to cd up to '/home/jailed/' so I decided to also chroot them into their home directories, to prohibit them from cding up from '/home/jail/home/$username'.
Snippet of my /etc/vsftpd/vsftpd.conf containing relevant directives regarding chroot:


This is supposed to chroot users into their home. However I wasn't seeing any changes upon reloading the vsftpd daemon. I made the changes a few times and nothing ... things were still the same; although users were jailed, they were not being chrooted; they could still cd up to '/home/jail/'. Eventually I noticed, by pure accident, that I could still connect to the FTP server even when vsftpd was stopped!!
I was baffled!

I found this directive in my /etc/ssh/sshd_config:
Subsystem sftp /usr/libexec/openssh/sftp-server

- Does it mean that openssh is directly handling SFTP connections?
Old 03-03-2011, 11:52 AM   #2
Registered: Dec 2009
Location: Los Angeles
Distribution: Fedora ,CentOS, RHEL
Posts: 59

Original Poster
Rep: Reputation: 17
I'll answer my own question
Had a chance to do some testing last night on a non-production box, running CentOS, in which vsftpd wasn't even installed ...
... and yes, it still works without an FTP daemon.

So the question now is:
- How to enable chroot for users logging in via SFTP?
Old 03-13-2011, 03:28 AM   #3
LQ Newbie
Registered: Mar 2011
Posts: 3

Rep: Reputation: 0
I got vsftp jail to /home/user directory working, finally!

I was trying to set up vsftp in my Fedora 12 desktop and figured it wasn't easy anymore even after carefully reading and following the how-to step-by-step with this vsftpd.conf:

and tried...:

[root@localhost ~]# ftp
Connected to (
220 (vsFTPd 2.2.2)
Name (
331 Please specify the password.
500 OOPS: cannot change directory:/home/jimbo
Login failed.

I never stopped looking via Google and found this trick by restarting vsftpd (as root: service vsftpd restart)...

getsebool -a | grep ftp

It RETURNS this...:

allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> off
ftpd_connect_db --> off
httpd_enable_ftp_server --> off
sftp_enable_homedirs --> off
sftpd_anon_write --> off
sftpd_full_access --> off
sftpd_write_ssh_home --> off
tftp_anon_write --> off

where "ftp_home_dir" is "off"

So, I used setsebool...:

setsebool -P ftp_home_dir on

And voila, it finally works!

[root@localhost ~]# ftp
Connected to (
220 (vsFTPd 2.2.2)
Name (
331 Please specify the password.
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/home/jimbo"
Old 03-21-2011, 03:27 PM   #4
Registered: Dec 2009
Location: Los Angeles
Distribution: Fedora ,CentOS, RHEL
Posts: 59

Original Poster
Rep: Reputation: 17

Thanks for your post. I got that to work ok, never had your troubles since I had SE disabled. What I'm trying to do is chroot users while using SFTP, not FTP.
The problem is that when you connect via SFTP, vsftpd is NOT used at all, in fact, I found that it doesn't even need to be running. The ftp connection is 100% handled by OpenSSH, not VSFTP. Hence the problem: can't use configuration via /etc/vsftpd.conf to configure this.

Found this way of doing it, I have not tested it yet; it uses the "ChrootDirectory" directive in /etc/ssh/sshd_config.

Last edited by amonamarth; 03-21-2011 at 06:41 PM.
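
The `ChrootDirectory` approach mentioned in the post above, as an added example that is not part of the thread: the first function prints an sshd_config fragment for the thread's `/home/jail/home/$username` layout, the second checks the ownership rule sshd enforces on a chroot path. Assumptions: OpenSSH 4.9 or later, GNU `stat`/`readlink`, and hypothetical names (group `sftponly`, both function names).

```shell
#!/bin/sh
# Added example, not from the thread. Assumes GNU stat/readlink and an
# OpenSSH release that supports ChrootDirectory (4.9 or later).

# Emit an sshd_config fragment chrooting members of group $1 into $2/<user>.
# internal-sftp runs inside sshd, so no sftp-server binary is needed in the jail.
sftp_chroot_snippet() {
    cat <<EOF
# Global section: replaces "Subsystem sftp /usr/libexec/openssh/sftp-server"
Subsystem sftp internal-sftp
# Match blocks must come after all global options
Match Group $1
    ChrootDirectory $2/%u
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# sshd rejects the session unless every component of the chroot path is a
# directory owned by root and not writable by group or others.
# Usage: check_chroot_path PATH [OWNER_UID] [TOP]
#   OWNER_UID defaults to 0 and TOP to /; override both only for dry runs.
# Prints each offending component; exit status 1 if any were found.
check_chroot_path() (
    path=$(readlink -f -- "$1") || exit 2
    owner=${2:-0}
    top=$(readlink -f -- "${3:-/}") || exit 2
    rc=0
    while :; do
        uid=$(stat -c %u -- "$path")
        mode=$(stat -c %a -- "$path")
        bad=
        [ -d "$path" ] || bad=1
        [ "$uid" = "$owner" ] || bad=1
        # A 2, 3, 6 or 7 in the group or other digit means the write bit is set.
        case $mode in *[2367]|*[2367]?) bad=1 ;; esac
        if [ -n "$bad" ]; then
            echo "bad ownership or mode: $path (uid=$uid mode=$mode)"
            rc=1
        fi
        if [ "$path" = "$top" ] || [ "$path" = / ]; then break; fi
        path=$(dirname -- "$path")
    done
    exit $rc
)
```

Because the chroot directory itself cannot be writable by the user, uploads need a user-owned subdirectory inside it (for example `upload`, a hypothetical name).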
Old 07-09-2011, 06:29 PM   #5
LQ Newbie
Registered: Jun 2011
Posts: 6

Rep: Reputation: 2

jnavar3... voila for me, too! A puzzle solved. I need to learn SELinux.


All times are GMT -5.