Solved

vsftpd: locking users to home directories using chroot_local_user

Posted on 2011-02-20
Last Modified: 2013-12-16
I'm trying to lock one specific user to their home directory.
I've googled the issue and read all the other posts (http://www.experts-exchange.com/OS/Linux/Administration/Q_24193390.htm).

I've tried:
chroot_local_user=YES
# chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd/chroot_list

I've tried:
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
(with chroot_list having the name of the user I want to restrict)

And I've tried some other combinations.
My /home directory permissions are 2751.

What am I missing?

vsftpd.conf:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES


0
Question by:indsupport
10 Comments
 
LVL 40

Expert Comment

by:omarfarid
Did you follow the links

http://www.experts-exchange.com/OS/Linux/Q_23155804.html

and the example config file given?

See also

http://vsftpd.beasts.org/vsftpd_conf.html
0
 
LVL 40

Expert Comment

by:omarfarid
Did you try to restart vsftpd?
0
 

Author Comment

by:indsupport
Yes, I've already seen both of those links, and I restarted vsftpd after every config change I made.
0
 
LVL 40

Expert Comment

by:omarfarid
Can you post your config file?
0
 

Author Comment

by:indsupport
My config file is posted in the first post on this question.
0

 
LVL 40

Expert Comment

by:omarfarid
Are you sure that the lines below are added to the config file? The posted config file doesn't contain them.

chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
0
 

Author Comment

by:indsupport
In my original post, I stated that I tried different things:

I've tried:
chroot_local_user=YES
# chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd/chroot_list

I've tried:
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
(with chroot_list having the name of the user I want to restrict)

The version of my config file above shows the first iteration of these tries (chroot_local_user=YES).

Again, I really appreciate your time with this.  It is really baffling me.
0
 
LVL 2

Expert Comment

by:maxalarie
What's the value of this option in vsftpd.conf: local_enable?
0
 

Accepted Solution

by:
indsupport earned 0 total points
Still looking
0
 

Author Closing Comment

by:indsupport
No answer found
0
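
Added example, not part of the original thread or any participant's post: a small Python model of how vsftpd's documented `chroot_local_user` and `chroot_list_enable` options combine, run over the two option sets quoted in the question plus the case where both are YES. The user names `alice` and `bob`, the list-file contents, and last-value-wins handling of duplicate options are assumptions made for illustration.

```python
DEFAULTS = {
    "chroot_local_user": "NO",
    "chroot_list_enable": "NO",
    "chroot_list_file": "/etc/vsftpd.chroot_list",  # documented default path
}

def parse_conf(text):
    """Return the chroot-related options from vsftpd.conf text."""
    conf = dict(DEFAULTS)
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment: a commented-out option has no effect
        key, sep, value = line.partition("=")
        # vsftpd treats any space between option, "=" and value as an error.
        if not sep or key != key.strip() or value != value.strip():
            raise ValueError(f"line {lineno}: expected option=value without spaces")
        if key in conf:
            conf[key] = value  # assumption: a later duplicate overrides an earlier one
    return conf

def is_chrooted(conf, user, listed_users):
    """True if the local user is jailed in their home directory after login."""
    everyone = conf["chroot_local_user"].upper() == "YES"
    use_list = conf["chroot_list_enable"].upper() == "YES"
    listed = use_list and user in listed_users
    # chroot_local_user=YES: the list names exemptions. NO: it names the jailed users.
    return (not listed) if everyone else listed

# Constructed inputs: the two attempts from the question plus both options enabled.
SAMPLES = {
    "attempt_1": "chroot_local_user=YES\n# chroot_list_enable=YES\n"
                 "#chroot_list_file=/etc/vsftpd/chroot_list\n",
    "attempt_2": "chroot_local_user=NO\nchroot_list_enable=YES\n"
                 "chroot_list_file=/etc/vsftpd/chroot_list\n",
    "both_yes": "chroot_local_user=YES\nchroot_list_enable=YES\n",
}
LISTED = {"alice"}  # constructed list-file contents; alice and bob are hypothetical

def report():
    out = {}
    for name, text in SAMPLES.items():
        conf = parse_conf(text)
        out[name] = {u: is_chrooted(conf, u, LISTED) for u in ("alice", "bob")}
    return out

if __name__ == "__main__":
    for name, row in report().items():
        print(name, row)
```

The model covers only what the configuration file requests; it does not check file permissions, PAM, or anything else on the host.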
