Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

VSFTP Keep ftp users from leaving there home directory

Posted on 2005-04-28
2
Medium Priority
?
1,467 Views
Last Modified: 2009-03-20
Right now I have a vsftp server runnig on a SUSE 9 enterprise machine.  I made a user that is assigned to a group that has no permissions.  Right now when that user logs in via ftp they are placed inside of there home directory.  Which is fine, but  when the do the following

> cd ..

They are able to leave that directory and see the directories above them in the tree structure.  Though they are unable to write to them I still see this as  a bit of a problem.

How can I restrict them to there home directories but still allow them to create folders and write files in side of that jome directory.
0
Comment
Question by:wiedmanb
2 Comments
 
LVL 8

Accepted Solution

by:
marxy earned 2000 total points
ID: 13885505
Use /etc/vsftpd/vsftpd.conf and change the line to
chroot_list_enable=YES

Default follows to file /etc/vsftpd.chroot_list
Add to this file the list of the users you want to be chrooted.

Or, alternativelly, use the option
chroot_local_user=YES
If set to YES, local users will be (by default) placed in a chroot jail in their home directory  after login.
0
 
LVL 18

Expert Comment

by:decoleur
ID: 13942028
A good resource for setting up vsftpd:
http://www.engardelinux.org/howto/vsftp_howto.html

I would add that If you want to enable users to have access to any files or binaries while in a chrooted environment they have to be duplicated in the chroot jail.

Also of note, both vi and the ftp client can enable a user shell access that will bypass most chroot environments.

Hope this helps.
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
Integration Management Part 2
Suggested Courses

577 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question