VSFTPD - lock user to home directory
Hi,
I have read many posts about this and mirrored the setup, but no dice. I have a RedHat 9 system. What I have done:

added a ftpuser with own group and home directory

edited /etc/vsftpd/vsftpd.conf:
    chroot_local_user=YES
    chroot_list_enable=YES
    chroot_list_file=/etc/vsftpd.chroot_list

edited /etc/vsftpd.chroot_list:
    added ftpuser

edited /etc/passwd entry for ftpuser:
    ftpuser:X:#:#:FTP User Account:/home/ftpuser/./:/bin/false

edited /etc/shells and added:
    /bin/false

restarted xinetd and vsftpd

The ftpuser can STILL traverse the entire directory structure. What the heck am I missing here?
from "man vsftpd.conf"
Code:
chroot_list_enable
Ok... I see what you've done. The simple answer is that if you use chroot_local_user=YES then the vsftpd.chroot_list becomes a list of users to NOT chroot. So... you said chroot ALL users but ftpuser.
Notice the commented out lines. In /etc/vsftpd/vsftpd.conf:
    chroot_local_user=YES
    chroot_list_enable=YES
    chroot_list_file=/etc/vsftpd.chroot_list

edited /etc/vsftpd.chroot_list: add users only that DO NOT NOT NOT NOT get chrooted.

use /sbin/nologin
edited /etc/passwd entry for ftpuser:
    ftpuser:X:#:#:FTP User Account:/home/ftpuser/./:/sbin/nologin

------------

chroot_local_user=YES
chroot_list_enable=YES
means that by default ALL users get chrooted except users in the file

chroot_local_user=NO
chroot_list_enable=YES
means that by default ONLY users in the file get chrooted.

See the difference?
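The two-option logic described in the reply above, as an added example that is not part of the original thread: it resolves which local users end up chrooted from the text of vsftpd.conf and the chroot list. The function names, the sample config strings and the user `alice` are constructed for illustration.

```python
# Added example: resolve which local users vsftpd chroots, from config text.
# Function names, sample configs and the user "alice" are constructed.

TRUE_VALUES = {"YES", "TRUE", "1"}  # boolean spellings vsftpd accepts as true

def parse_conf(text):
    """Parse 'option=value' lines; vsftpd allows no spaces around '='."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key] = value
    return opts

def is_yes(opts, key):
    # chroot_local_user and chroot_list_enable both default to NO.
    return opts.get(key, "NO").upper() in TRUE_VALUES

def chrooted_users(conf_text, list_text, local_users):
    """Return {user: True if chrooted} for the given config and list file."""
    opts = parse_conf(conf_text)
    chroot_all = is_yes(opts, "chroot_local_user")
    listed = set()
    if is_yes(opts, "chroot_list_enable"):
        listed = {u.strip() for u in list_text.splitlines() if u.strip()}
    result = {}
    for user in local_users:
        in_list = user in listed
        # chroot_local_user=YES: the list names users who are NOT chrooted.
        # chroot_local_user=NO:  the list names the ONLY users chrooted.
        result[user] = (not in_list) if chroot_all else in_list
    return result

# Constructed inputs mirroring the thread: the list file contains "ftpuser".
LIST = "ftpuser\n"
USERS = ["ftpuser", "alice"]
ORIGINAL = ("chroot_local_user=YES\n"
            "chroot_list_enable=YES\n"
            "chroot_list_file=/etc/vsftpd.chroot_list\n")
FIXED = ORIGINAL.replace("chroot_local_user=YES", "chroot_local_user=NO")

if __name__ == "__main__":
    for name, conf in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, chrooted_users(conf, LIST, USERS))
```

With the original settings `ftpuser` is the one account left unconfined; with `chroot_local_user=NO` it is the only account confined, so other local users are then unrestricted.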
Okay, it's backwards of what it seems. I changed chroot_local_user to NO and now things work fine, the user 'ftpuser' can't move up in the directory structure, can only navigate around its home directory.
Thank you for straightening me out.