Chrooting and user privileges with Fedora Core 1.0

Security expert James Turnbull recommends examining chroot functionality to prevent users from taking advantage of the "back" button.

This Content Component encountered an error
I am using Fedora Core 1.0 on my Web server and have installed VSFTPD on it. If I create an account and give it a home directory, (i.e. /var/www/test) and try to access FTP with this account, it goes into the directory /var/www/test. However, if after logging into FTP I press the "back" button, it takes me to /var/www folder where the user can see all of the data. How do I restrict the user to access their home directories only?

In order to lock a user into their home directory you need to look atvsftpd's chroot functionality. You need to edit the /etc/vsftpd/vsftpd.conf configuration file and change the hroot_list_enable option to "Yes." You then specify a file called /etc/vsftpd.chroot and add all the users you wish to chroot to this file. Or, if you wish, add all users to be chroot'ed then you can set the chroot_local_user option to "Yes." Chrooting an FTP...

server can be complicated and have some serious security implications. I recommend you read the vsftpd.conf man page carefully.

This was first published in March 2006

Dig deeper on Noncommercial Linux distributions

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: