
Showing posts from February, 2009

VSFTPD-chrooted user with limited directory access

Create a user with home directory /foo (useradd hari -d /foo). Alternatively, create a normal user and then edit /etc/passwd to change the home directory. Here we chose the latter option, since /foo is a sensitive directory and we don't want to take the risk of putting .bash files in it.

    # useradd hari
    # grep hari /etc/passwd
    hari:x:796:796::/home/hari:/bin/bash

Now change the home directory to /foo:

    # vi /etc/passwd
    # grep hari /etc/passwd
    hari:x:796:796::/foo:/sbin/nologin

Note that we have changed the home directory from /home/hari to /foo and the shell from /bin/bash to /sbin/nologin.

Add the two lines below to /etc/vsftpd/vsftpd.conf to enable the chroot functionality:

    # vi /etc/vsftpd/vsftpd.conf
    chroot_list_enable=YES
    chroot_list_file=/etc/vsftpd.chroot_list

Now add the user hari to the chroot list file:

    # echo hari >> /etc/vsftpd.chroot_list

Now verify the permissions of /foo, /foo/tux and /foo/beastie:

    [root@psycho ~]# ls -ld /foo/
    drwxrwx--- 17 root ft
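
The chroot_list settings above jail only the listed users while chroot_local_user is at its default of NO; with chroot_local_user=YES, vsftpd treats the same file as a list of users who are NOT jailed. The check below is an added example, not code from the original post; the function names (conf_get, is_yes, chroot_status) and the temporary sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report whether vsftpd would chroot a given local user.

# Print the last value assigned to key $2 in config file $1, or default $3.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# Succeed if $1 is a true vsftpd boolean (YES, TRUE or 1, any case).
is_yes() {
    case $(printf '%s' "$1" | tr '[:lower:]' '[:upper:]') in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print "chrooted" or "not-chrooted" for user $2 under config file $1.
chroot_status() {
    conf=$1
    user=$2
    local_all=$(conf_get "$conf" chroot_local_user NO)
    list_on=$(conf_get "$conf" chroot_list_enable NO)
    list_file=$(conf_get "$conf" chroot_list_file /etc/vsftpd.chroot_list)
    listed=no
    # The list is consulted only when chroot_list_enable is on.
    if is_yes "$list_on" && [ -r "$list_file" ] &&
       grep -qxF -- "$user" "$list_file"; then
        listed=yes
    fi
    if is_yes "$local_all"; then
        # chroot_local_user=YES inverts the list: listed users are exempt.
        if [ "$listed" = yes ]; then echo not-chrooted; else echo chrooted; fi
    else
        if [ "$listed" = yes ]; then echo chrooted; else echo not-chrooted; fi
    fi
}

# Constructed sample mirroring the post's two settings (temporary paths, not /etc).
tmp=$(mktemp -d)
printf 'hari\n' > "$tmp/chroot_list"
printf 'chroot_list_enable=YES\nchroot_list_file=%s\n' "$tmp/chroot_list" \
    > "$tmp/vsftpd.conf"
chroot_status "$tmp/vsftpd.conf" hari
chroot_status "$tmp/vsftpd.conf" alice
```

On a real host, call chroot_status /etc/vsftpd/vsftpd.conf hari after any edit to the configuration, so a later chroot_local_user=YES does not silently release the user from the jail.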