Chrooting and user privileges with Fedora Core 1.0

I am using Fedora Core 1.0 on my Web server and have installed VSFTPD on it. If I create an account and give it a home directory, (i.e. /var/www/test) and try to access FTP with this account, it goes into the directory /var/www/test. However, if after logging into FTP I press the "back" button, it takes me to /var/www folder where the user can see all of the data. How do I restrict the user to access their home directories only?

In order to lock a user into their home directory you need to look at vsftpd's chroot functionality. You need to edit the /etc/vsftpd/vsftpd.conf configuration file and change the chroot_list_enable option to "Yes." You then specify a file called /etc/vsftpd.chroot and add all the users you wish to chroot to this file. Or, if you wish all users to be chroot'ed, you can set the chroot_local_user option to "Yes." Chrooting an FTP server can be complicated and have some serious security implications. I recommend you read the vsftpd.conf man page carefully.
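Added example, not part of the original answer: a shell check that reads the chroot options named above from a vsftpd.conf and reports whether a given local user ends up jailed. It follows the vsftpd.conf man page rule that, once chroot_local_user is enabled, an enabled chroot list names the users who are not chrooted; the function names, temporary paths and the users test and alice are constructed for illustration.

```sh
#!/bin/sh
# Added example: would vsftpd jail this local user? Simplified config reading
# (KEY=VALUE lines, last assignment and case-insensitive YES are assumptions).

# conf_get FILE KEY DEFAULT -> value of KEY, or DEFAULT when the key is unset
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${v:-$3}"
}

is_yes() { [ "$(printf '%s' "$1" | tr 'a-z' 'A-Z')" = YES ]; }

# chroot_status CONF USER -> prints "jailed" or "free"
chroot_status() {
    conf=$1; user=$2
    list=$(conf_get "$conf" chroot_list_file /etc/vsftpd.chroot_list)
    listed=no
    # An unreadable list file is treated as empty here (assumption).
    if is_yes "$(conf_get "$conf" chroot_list_enable NO)" &&
       [ -r "$list" ] && grep -Fqx -- "$user" "$list"; then
        listed=yes
    fi
    if is_yes "$(conf_get "$conf" chroot_local_user NO)"; then
        # Everyone is jailed; an enabled list now names the exceptions.
        [ "$listed" = yes ] && echo free || echo jailed
    else
        # Nobody is jailed except users named in an enabled list.
        [ "$listed" = yes ] && echo jailed || echo free
    fi
}

# Constructed sample: the answer's list option, then both options together.
demo() {
    d=$(mktemp -d) || return 1
    printf 'test\n' > "$d/vsftpd.chroot"
    printf 'chroot_list_enable=YES\nchroot_list_file=%s\n' \
        "$d/vsftpd.chroot" > "$d/vsftpd.conf"
    for u in test alice; do
        echo "list only:        $u -> $(chroot_status "$d/vsftpd.conf" "$u")"
    done
    echo 'chroot_local_user=YES' >> "$d/vsftpd.conf"
    for u in test alice; do
        echo "list + all users: $u -> $(chroot_status "$d/vsftpd.conf" "$u")"
    done
    rm -rf "$d"
}
demo
```

With both options enabled the listed user comes out free and every other user jailed, so pick one mode and check the result for each account.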

This was first published in March 2006