Chrooting and user privileges with Fedora Core 1.0

Security expert James Turnbull recommends examining chroot functionality to prevent users from taking advantage of the "back" button.

I am using Fedora Core 1.0 on my Web server and have installed VSFTPD on it. If I create an account and give it a home directory (i.e. /var/www/test) and try to access FTP with this account, it goes into the directory /var/www/test. However, if after logging into FTP I press the "back" button, it takes me to the /var/www folder where the user can see all of the data. How do I restrict the user to access their home directories only?

In order to lock a user into their home directory you need to look at vsftpd's chroot functionality. You need to edit the /etc/vsftpd/vsftpd.conf configuration file and change the chroot_list_enable option to "Yes." You then specify a file called /etc/vsftpd.chroot and add all the users you wish to chroot to this file. Or, if you wish all users to be chroot'ed, you can set the chroot_local_user option to "Yes." Chrooting an FTP server can be complicated and have some serious security implications. I recommend you read the vsftpd.conf man page carefully.

This was last published in March 2006
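
The two options in the answer interact: according to the vsftpd.conf man page, once chroot_local_user is YES, the file read by chroot_list_enable becomes a list of users who are not jailed. The Python sketch below is an added example, not part of the original answer or of vsftpd; it evaluates that logic for a given configuration, and its function names, the account name alice, and the sample configuration and list contents are constructed for illustration.

```python
# Added example (not from the original answer): which local users does
# vsftpd jail, given the chroot options in vsftpd.conf?

DEFAULT_LIST_FILE = "/etc/vsftpd.chroot_list"  # man page default


def parse_conf(text):
    """Parse vsftpd.conf text: 'option=value' lines, '#' starts a comment."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts


def enabled(opts, key):
    # Both chroot booleans default to NO when absent.
    return opts.get(key, "NO").upper() == "YES"


def chroot_report(conf_text, list_text, users):
    """Return (list file path, {user: True if jailed in home directory})."""
    opts = parse_conf(conf_text)
    listed = {u.strip() for u in list_text.splitlines() if u.strip()}
    jail_all = enabled(opts, "chroot_local_user")
    use_list = enabled(opts, "chroot_list_enable")
    report = {}
    for user in users:
        on_list = use_list and user in listed
        # List alone: listed users are jailed. With chroot_local_user=YES
        # the list inverts and names the users who are NOT jailed.
        report[user] = (not on_list) if jail_all else on_list
    return opts.get("chroot_list_file", DEFAULT_LIST_FILE), report


# Constructed sample input: config text, list file contents, account names.
LIST_ONLY = "chroot_list_enable=YES\nchroot_list_file=/etc/vsftpd.chroot\n"
BOTH = "chroot_local_user=YES\n" + LIST_ONLY
CHROOT_LIST = "test\n"

if __name__ == "__main__":
    for name, conf in (("list only", LIST_ONLY), ("both options", BOTH)):
        path, report = chroot_report(conf, CHROOT_LIST, ["test", "alice"])
        print(name, path, report)
```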
