I am trying to figure out the process for locking down user sessions in vsftpd.
The information I am going on so far is as follows:
If activated, you may provide a list of local users who are placed in a chroot() jail in their home directory upon login. The meaning is slightly different if chroot_local_user is set to YES. In this case, the list becomes a list of users which are NOT to be placed in a chroot() jail. By default, the file containing this list is /etc/vsftpd.chroot_list, but you may override this with the chroot_list_file setting.
If set to YES, local users will be placed in a chroot() jail in their home directory after login. Warning: This option has security implications, especially if the users also have shell access. Only enable if you know what you are doing.
--- My questions are:
What are the security risks if I lock users to their home directories? I would think this is more secure, not less.
Secondly it seems even with that option, I can still browse around the higher level directories, I can't access all the directories, but I can still see them, which I don't want users to be able to do.
How exactly can I make it so a user connects, and only sees his user folder, and can not go above it, even to see the home folder, where the other users are listed. Of course I want them to be able to create and access folders within their own user folder, but absolutely nothing above it.
Thanks for any help!