Hi ALL
I'm using vsftpd as FTP server, and I'd like to chroot my FTP users
to their home dir. How can I do it? i.e. "jailing" them in their home
dir...
At the moment I have the following issue: when the users log in to the
FTP server, they land in the main directory /var/ftp/
/etc/passwd
...
sdc:x:501:501::/var/ftp/sdc:/bin/bash
ase:x:502:501::/var/ftp/ase:/bin/bash
jsc:x:503:501::/var/ftp/jsc/:/bin/bash
[root at linux10 ftp]# pwd
/var/ftp
[root at linux10 ftp]# ls -al
total 28
drwx--x--x 6 root ftpusers 4096 Oct 6 13:46 .
drwxr-xr-x 22 root root 4096 Oct 5 15:42 ..
drwx------ 3 ase ftpusers 4096 Oct 6 20:30 ase
drwx------ 3 jsc ftpusers 4096 Oct 6 17:27 jsc
drwx------ 2 pons pons 4096 Oct 6 16:22 pub
drwx------ 5 sdc ftpusers 4096 Oct 6 17:19 sdc
# Chroot settings for local (non-anonymous) users.
# NOTE(review): per vsftpd.conf(5), when chroot_local_user=YES is also set
# (as it is two lines down), chroot_list_file stops being the list of users
# to jail and becomes the list of users who are NOT jailed. Check that the
# file holds only accounts that are meant to be exempt.
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
# Place local users in a chroot() jail after login (by default, their home
# directory).
# NOTE(review): vsftpd.conf(5) warns that this option has security
# implications when users have upload permission or shell access. The passwd
# entries quoted in this post give the FTP accounts /bin/bash, so the jail
# presumably constrains FTP sessions only, not any other login path those
# accounts have - confirm whether an interactive shell is really needed.
chroot_local_user=YES
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
# Run as a standalone IPv4 listener.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure that one of the listen options is commented out!
#listen_ipv6=YES
# Name of the PAM service vsftpd authenticates against.
pam_service_name=vsftpd
# Load the list of usernames named by userlist_file.
# NOTE(review): with userlist_deny at its default (YES) the names in that
# file are refused login before a password is requested. userlist_deny is not
# visible in this excerpt - confirm which sense is in effect before adding
# the FTP accounts to the file.
userlist_enable=YES
# Pass incoming connections through tcp_wrappers access control
# (hosts.allow / hosts.deny).
tcp_wrappers=YES
### added for TLS and SSL permission
# Turn on SSL/TLS support for control and data connections.
ssl_enable=YES
# Anonymous sessions may not use SSL.
allow_anon_ssl=NO
# NOTE(review): with this set to NO, local users are not required to protect
# the data connection, so directory listings and file contents can still
# travel in clear text even though the login itself is forced onto SSL by the
# next directive. Set to YES if transfers must be encrypted as well.
force_local_data_ssl=NO
# Local users must use SSL to send their password.
force_local_logins_ssl=YES
# NOTE(review): TLS 1.0 is itself deprecated today; on a current vsftpd build
# prefer the newest TLS versions that build documents.
ssl_tlsv1=YES
# NOTE(review): the next two lines allow SSLv2 and SSLv3 connections. Both
# protocols are obsolete and cryptographically broken (prohibited/deprecated
# by RFC 6176 and RFC 7568), and vsftpd ships with both options defaulting to
# NO. Keeping them at YES lets a client or an active attacker settle on a
# weak protocol; ssl_sslv2=NO and ssl_sslv3=NO is the safe setting unless a
# legacy client is known to require otherwise.
ssl_sslv2=YES
ssl_sslv3=YES
# Certificate and private key are both read from the same PEM file.
# NOTE(review): that file therefore holds the private key - presumably it
# should be owned by root and not readable by other users; verify its mode.
rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vsftpd.pem
# NOTE(review): local_root makes vsftpd change into /var/ftp after every
# local login instead of the user's own home directory. This is presumably
# why the users described in this post land in /var/ftp, and with
# chroot_local_user=YES the jail would then be /var/ftp (shared by all
# accounts) rather than each home directory. Commenting this line out is the
# first thing to try - confirm with a test account.
local_root=/var/ftp
#userlist_file=/etc/vsftpd/ftpusers
# File read when userlist_enable=YES.
userlist_file=/etc/vsftpd/ftpusers
#userlist_file=/etc/vsftpd/user_list
# Allow passive-mode (PASV) data connections.
pasv_enable=YES
# Transfer-rate caps in bytes per second; 0 means unlimited.
anon_max_rate=10485760
local_max_rate=0
# Connection limits: total clients, and connections per source address.
max_clients=500
max_per_ip=4
# Together with chroot_local_user, lets the jail location be set per user
# from the home-directory string in /etc/passwd: per vsftpd.conf(5) a "/./"
# inside that string marks where the jail starts.
# NOTE(review): none of the passwd entries quoted in this post contain
# "/./", so this option looks like it has no effect here - confirm.
passwd_chroot_enable=YES