Old 11-20-2003, 11:37 AM   #1
LQ Newbie
Registered: Aug 2003
Posts: 12

Rep: Reputation: 0
VSFTPD - lock user to home directory


I have read many posts about this and mirrored the setup, but no dice. I have a RedHat 9 system. What I have done:

added a ftpuser with own group and home directory

edited /etc/vsftpd/vsftpd.conf:

edited /etc/vsftpd.chroot_list:
added ftpuser

edited /etc/passwd entry for ftpuser:
ftpuser:X:#:#:FTP User Account:/home/ftpuser/./:/bin/false

edited /etc/shells and added:

restarted xinetd and vsftpd

The ftpuser can STILL traverse the entire directory structure. What the heck am I missing here?
Old 11-20-2003, 01:51 PM   #2
Registered: Oct 2003
Distribution: Debian
Posts: 39

Rep: Reputation: 15
From "man vsftpd.conf":
              If activated, you may provide a list of local users
              who are placed in a chroot() jail in their home
              directory upon login. The meaning is slightly
              different if chroot_local_user is set to YES. In this
              case, the list becomes a list of users which are
              NOT to be placed in a chroot() jail. By default,
              the file containing this list is
              /etc/vsftpd.chroot_list, but you may override this
              with the chroot_list_file setting.
Also, you probably don't need to add "/bin/false" to your "/etc/shells" file. The point of the "/bin/false" entry in the "/etc/passwd" file is that it shouldn't resolve to a valid shell.

Last edited by Tramontane; 11-20-2003 at 01:56 PM.
Old 11-20-2003, 01:55 PM   #3
Registered: Oct 2003
Location: Toronto, Canada
Distribution: Ubuntu, FC3, RHEL 3-4 AS Retired: SuSE 9.1 Pro, RedHat 6-9, FC1-2
Posts: 360

Rep: Reputation: 30
Ok... I see what you've done. The simple answer is that if you use chroot_local_user=YES then the vsftpd.chroot_list becomes a list of users to NOT chroot. So... you said chroot ALL users but ftpuser.

Notice the commented out lines.
In /etc/vsftpd/vsftpd.conf:

edited /etc/vsftpd.chroot_list:
add users only that DO NOT NOT NOT NOT get chrooted.

use /sbin/nologin
edited /etc/passwd entry for ftpuser:
ftpuser:X:#:#:FTP User Account:/home/ftpuser/./:/sbin/nologin


means that by default ALL users get chrooted except users in the file

means that by default ONLY users in the file get chrooted.

See the difference?
Old 11-20-2003, 02:04 PM   #4
LQ Newbie
Registered: Aug 2003
Posts: 12

Original Poster
Rep: Reputation: 0
Okay, it's backwards of what it seems. I changed chroot_local_user to NO and now things work fine, the user 'ftpuser' can't move up in the directory structure, can only navigate around its home directory.

Thank you for straightening me out.
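
Added example, not part of the thread and not vsftpd's own code: the list semantics discussed above reduce to one rule, modelled here in Python so a configuration can be checked for who actually ends up jailed. The thread does not show its config lines, so the `BROKEN` and `FIXED` samples, the user `alice`, and the use of `chroot_list_enable=YES` are assumptions constructed for illustration.

```python
# Added example: models the interaction of chroot_local_user and
# chroot_list_enable described in vsftpd.conf(5). Sample inputs are constructed.

DEFAULTS = {"chroot_local_user": "NO", "chroot_list_enable": "NO",
            "chroot_list_file": "/etc/vsftpd.chroot_list"}

def parse_conf(text):
    """Parse vsftpd.conf text: 'option=value' lines, '#' starts a comment line."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key] = value
    return conf

def parse_user_list(text):
    """One username per line, as in the chroot_list_file."""
    return {ln.strip() for ln in text.splitlines() if ln.strip()}

def is_chrooted(conf, listed_users, user):
    """True if a local user is jailed in the home directory at login."""
    jail_all = conf["chroot_local_user"].upper() == "YES"
    use_list = conf["chroot_list_enable"].upper() == "YES"
    in_list = use_list and user in listed_users
    # The list always inverts the default: with chroot_local_user=YES it is an
    # exemption list, with chroot_local_user=NO it is the jail list.
    return jail_all != in_list

def audit(conf_text, list_text, users):
    """Map each user to True (chrooted) or False (free to leave home)."""
    conf = parse_conf(conf_text)
    listed = parse_user_list(list_text)
    return {u: is_chrooted(conf, listed, u) for u in users}

# Constructed inputs mirroring the thread: ftpuser is in the list file.
CHROOT_LIST = "ftpuser\n"
BROKEN = "# assumed original setup\nchroot_local_user=YES\nchroot_list_enable=YES\n"
FIXED = "chroot_local_user=NO\nchroot_list_enable=YES\n"

if __name__ == "__main__":
    for name, conf in (("broken", BROKEN), ("fixed", FIXED)):
        for user, jailed in audit(conf, CHROOT_LIST, ["ftpuser", "alice"]).items():
            print(f"{name}: {user} -> {'chrooted' if jailed else 'NOT chrooted'}")
```

With the fixed sample, only listed users are jailed, so any other local account (here `alice`) can still leave its home directory unless it is added to the list.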

