Hello,
I run vsftp on Fedora core 1. I created a local user (ftpuser) to access the ftp. The folder is /var/ftp/test. I gave read write access to this folder to ftpuser. I don't want this user to access/see any other folder. The problem is that the ftpuser can browse all folders on the machine... He can go up to /var/ftp then /var then / etc. I read that I could prevent that by setting
chroot_local_user=YES in vsftpd.conf and setting the home of ftpuser to /var/ftp/test. However, as soon as I set chroot_local_user=YES in vsftpd.conf, vsftp daemon fails when I restart it. The status is vsftpd dead but subsys locked.

Any idea?

Thanks,
David.

Are you use vsftpd via xinetd or in standalone mode?

Standalone

Finally found something working!

I added in /etc/vsftpd/vsftpd.conf

#chroot_local_user = YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

Added my ftpuser to the /etc/vsftpd.chroot_list. Actually, this file contains only my ftp users.

Added all local users I don't want to be able to connect via FTP in
/etc/vsftpd.ftpusers

Now, my ftpuser is restricted to its home folder. I tried with other ftp users I created and it is working fine. Other local users listed in vsftpd.ftpusers cannot connect to ftp since they get a login incorrect error.

To me it looks good but is this setting secure to make sure a user won't be able to access files other than the ones in the ftp?

It is kind of risky because it is easy to create a new local user and forget to add it in the vsftpd.ftpusers to prevent him from accessing the ftp.

Finally, from time to time in the shell I get the message :
Mutex destroy failure: Device or resource busy
What's that?

Thanks,
David.