CHROOT in VSFTPD

rolando1bueno · 11-16-2007, 02:04 PM

Hi everyone there.

I'm mounting a FTP server allowing only local user to login.
My problem is that I'm trying to jail the users in a chroot list to their home directory, but when they access the FTP server using CORE FTP, they can access all other folders.

Here's my vsftp.conf chroot configurations an the userlist configuration either.

chmod_enable=NO
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.user_list

I've read in lot's of forums and this should work fine, but it doesn't

please some help

cojo · 11-18-2007, 12:20 AM

comment out "chroot_local_user=NO" and make sure you have all the userid in the vsftpd.chroot_list file that you want to chroot in their home directory.

rolando1bueno · 11-21-2007, 07:01 AM

gracias Cojo,,,,
it didn't work, commenting out "chroot_local_user=NO" is the same that using "chroot_local_user=NO". I'd try it but nothing happend.
The other rare thing is that using filezilla the user are jailed.

thanx

Rolando1bueno

cojo · 11-21-2007, 10:23 PM

can you post your /etc/vsftpd.chroot_list and your vsftpd.conf files?

rolando1bueno · 11-22-2007, 06:36 AM

Here is the vsftpd.conf :

listen=YES

#listen_ipv6=YES

anonymous_enable=NO

local_enable=YES

write_enable=YES

local_umask=022

#anon_upload_enable=YES

#anon_mkdir_write_enable=YES

dirmessage_enable=YES

xferlog_enable=YES

#chown_uploads=YES
#chown_username=whoever
#
#xferlog_file=/var/log/vsftpd.log
#

#xferlog_std_format=YES

#idle_session_timeout=600
#
#data_connection_timeout=120
#
#nopriv_user=ftpsecure
#
#async_abor_enable=YES
#
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
ftpd_banner=Servidor FTP de ENERGETICA
#
#deny_email_enable=YES

#banned_email_file=/etc/vsftpd.banned_emails
#
chmod_enable=NO

#chroot_local_user=NO

chroot_list_enable=YES

chroot_list_file=/etc/vsftpd.chroot_list

#ls_recurse_enable=YES
#
secure_chroot_dir=/var/run/vsftpd
#
pam_service_name=vsftpd
#
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
#
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd.user_list

And here is the vsftpd.chroot_list :

#usuarios enjaulados FTP
rafi
jare
migf
vhlw
gcyq
cema
vajt
paginar

Thanx for your time....

cojo · 11-23-2007, 11:45 PM

your config file look fine. The only thing I can see is either your chroot file is not in /etc/vsftpd.chroot_list or misspelled of userid within your chroot file. What is the permission on your vsftpd.chroot_list file?

rolando1bueno · 12-04-2007, 06:16 AM

I haven't set any permission to the chroot file, should I? What permission should I set to it?

Thanks

Rolando1bueno

shahz · 12-04-2007, 09:05 AM

okay just check the permission if the file could be read by the daemon.

it may work, or otherwise try to remove the vsftpd package and install back before doing this have your configuration files saved. some times your true configuration doesn't work as it happend with me some time installing the package again it worked.

stevemisawa · 12-09-2007, 09:32 AM

i had the problem with users being able to wander around to any dir above their home dir, in the vsftp.conf i set chroot_local_user=YES
that worked for me, no more wandering outside of their dirs. hope that helps.