Solved

chroot/chjail for certain directories

Posted on 2006-05-10
Last Modified: 2013-12-16
I have a project where I need to give some users access via samba, scp and ftp (vsftp).
The dir structure is set up as such.

/var/ftp
/var/ftp/user1
/var/ftp/user2
/var/ftp/user3

What I am trying to do is keep every one of the users inside /var/ftp and not allowed outside, while allowing them to place items in any of the user directories.

Please help.



Question by:iceman19330
1 Comment
 

Accepted Solution

by: m1tk4 earned 2000 total points
ID: 16655232
Jailing samba is trivial - you just expose the shares of these directories and that's it, no going outside of them.

To jail vsftpd users, add:

chroot_local_user=YES
passwd_chroot_enable=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

to /etc/vsftpd/vsftpd.conf

and create the /etc/vsftpd.chroot_list file. Note that /etc/vsftpd.chroot_list will contain the user names of users who are NOT supposed to be jailed; the rest of them will be confined to their home directories. After that, you just change the user directories in /etc/passwd to point to /var/ftp/user.... Don't forget to restart vsftpd.

The 3rd part of the puzzle, jailing SCP access, is explained here: http://www.fuschlberger.net/programs/ssh-scp-chroot-jail/
0
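
Added example, not part of the original answer: a small audit that works out each account's effective vsftpd jail from the four options above and flags any jail outside /var/ftp. It also covers the `chroot_local_user=NO` case, where the list names the jailed users instead, and vsftpd's `/./` marker in the passwd home string under `passwd_chroot_enable`. The function names, the `admin` account and all sample file contents are constructed.

```python
import posixpath

# Constructed sample inputs; on a real host read the file named on each line.
SAMPLE_CONF = """\
chroot_local_user=YES
passwd_chroot_enable=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
"""                                   # /etc/vsftpd/vsftpd.conf
SAMPLE_CHROOT_LIST = "admin\n"        # /etc/vsftpd.chroot_list
SAMPLE_PASSWD = """\
user1:x:1001:1001::/var/ftp/user1:/sbin/nologin
user2:x:1002:1002::/var/ftp/./user2:/sbin/nologin
user3:x:1003:1003::/home/user3:/bin/bash
admin:x:1000:1000::/home/admin:/bin/bash
"""                                   # /etc/passwd

def parse_conf(text):
    """Parse option=value lines, skipping comments and blanks."""
    pairs = (line.split("=", 1) for line in text.splitlines()
             if "=" in line and not line.lstrip().startswith("#"))
    return {key.strip(): value.strip() for key, value in pairs}

def is_yes(opts, key):
    return opts.get(key, "NO").upper() == "YES"

def effective_jails(conf, chroot_list, passwd, allowed_root="/var/ftp"):
    """Return {user: (jail or None, True if the jail lies within allowed_root)}."""
    opts = parse_conf(conf)
    listed = set(chroot_list.split()) if is_yes(opts, "chroot_list_enable") else set()
    prefix = allowed_root.rstrip("/") + "/"
    result = {}
    for entry in filter(None, passwd.splitlines()):
        fields = entry.split(":")
        user, home = fields[0], fields[5]
        # chroot_local_user=YES: list = exemptions; otherwise list = the jailed users.
        jailed = (user not in listed) if is_yes(opts, "chroot_local_user") else (user in listed)
        jail = None
        if jailed:
            # With passwd_chroot_enable, "/./" in the home string marks the jail root.
            if is_yes(opts, "passwd_chroot_enable") and "/./" in home:
                home = home.split("/./", 1)[0]
            jail = posixpath.normpath(home)
        result[user] = (jail, jail is not None and (jail + "/").startswith(prefix))
    return result

if __name__ == "__main__":
    for user, (jail, ok) in effective_jails(SAMPLE_CONF, SAMPLE_CHROOT_LIST, SAMPLE_PASSWD).items():
        print(f"{user:6} jail={jail} inside_allowed_root={ok}")
```

In the sample, `user2`'s home string `/var/ftp/./user2` gives a jail of `/var/ftp` with a starting directory of `user2`, which is the layout the question describes, while `user1` is confined to `/var/ftp/user1` only.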
