Configure VSFTPD Chroot Environment on CentOS/RHEL

Overview

 

vsftpd, which stands for "Very Secure FTP Daemon", is an FTP server for Unix-like systems, including Linux. When we configure vsftpd, all FTP users can move from their home folder into other users' directories. In this article we will change the vsftpd server configuration so that users are limited to their home directory only. This is achieved by setting up a vsftpd chroot, or jail-like, environment.

As shown in the example below, jack is an FTP user who can change directory.

Now follow the steps below to configure a chroot or jail-like environment in vsftpd:

Step:1 Edit the config file '/etc/vsftpd/vsftpd.conf'

 

[root@localhost ~]# vi /etc/vsftpd/vsftpd.conf
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES
chroot_list_enable=YES

# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list

 

Save & exit

 

Important Notes:

(1) If you uncomment only the line 'chroot_local_user=YES', all the local users are chroot()ed (jailed) to their home directory.

(2) If we want only selected FTP users restricted to their home directory, then uncomment the lines "chroot_list_enable=YES" and "chroot_list_file=/etc/vsftpd/chroot_list", create the file '/etc/vsftpd/chroot_list' and add the users that we want to chroot. As the comment in the config file states, if chroot_local_user is also YES, this list instead becomes a list of users to NOT chroot().

Step:3 Create a file '/etc/vsftpd/chroot_list'

 

[root@localhost ~]# vi /etc/vsftpd/chroot_list
jack

 

Users listed in this file will be restricted to their home directory.

Step:4 Start the FTP service using the command below

 

[root@localhost ~]# service vsftpd restart ; chkconfig vsftpd on
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]

 

Step:5 Now do the testing

In case of 'chroot_local_user=YES':

In case of "chroot_list_enable=YES" and "chroot_list_file=/etc/vsftpd/chroot_list", users listed in the chroot_list file will be restricted and other users are allowed to change directory. In my scenario I have two local users, Jack & Mark, where jack is listed in the chroot_list file.

 

For Jack User :

 

 

For Mark user :
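
The outcome of the tests in Step 5 can also be predicted from the configuration itself. The script below is an added example, not part of the original article: it reads a vsftpd.conf and a chroot list and reports whether a user ends up jailed, including the case where chroot_local_user=YES turns the list into an exemption list. The function names and the sample files are constructed for illustration, and the fallback list path is the one used on this page.

```shell
#!/bin/sh
# Added example: report whether vsftpd would chroot() a given local user.

# conf_get FILE KEY DEFAULT: last uncommented KEY=value in FILE, else DEFAULT.
conf_get() {
    _v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r')
    echo "${_v:-$3}"
}

# is_yes VALUE: true when VALUE is YES in any letter case.
is_yes() {
    [ "$(echo "$1" | tr '[:lower:]' '[:upper:]')" = "YES" ]
}

# chroot_state CONF USER [LIST]: prints "jailed" or "not-jailed".
# LIST overrides chroot_list_file so the check can run on copies of the files.
chroot_state() {
    _all=$(conf_get "$1" chroot_local_user NO)
    _use_list=$(conf_get "$1" chroot_list_enable NO)
    # Fallback path is the one used on this page (assumption).
    _list=${3:-$(conf_get "$1" chroot_list_file /etc/vsftpd/chroot_list)}
    _listed=no
    if is_yes "$_use_list" && [ -r "$_list" ] && grep -qxF -- "$2" "$_list"; then
        _listed=yes
    fi
    if is_yes "$_all"; then
        # chroot_local_user=YES: everyone is jailed, the list names exemptions.
        [ "$_listed" = yes ] && echo "not-jailed" || echo "jailed"
    else
        # chroot_local_user=NO: only users named in the list are jailed.
        [ "$_listed" = yes ] && echo "jailed" || echo "not-jailed"
    fi
}

# Constructed sample files: jack is listed, mark is not.
demo=$(mktemp -d)
printf 'jack\n' > "$demo/chroot_list"
printf 'chroot_local_user=YES\nchroot_list_enable=YES\n' > "$demo/both.conf"
printf '#chroot_local_user=YES\nchroot_list_enable=YES\n' > "$demo/list_only.conf"
for conf in both list_only; do
    for user in jack mark; do
        echo "$conf: $user -> $(chroot_state "$demo/$conf.conf" "$user" "$demo/chroot_list")"
    done
done
rm -rf "$demo"
```

Run it against copies of the real files before restarting the service, for example `chroot_state /etc/vsftpd/vsftpd.conf jack`.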

 

 
