vsftpd: permit the user to see only her/his home directory

I have just installed vsftpd and created a new user: sudo useradd new_user -m. Then I have uncommented the line below in /etc/vsftpd.conf:

chroot_local_user=YES

to permit the user to see (access) only her/his home directory.

I have then restarted vsftpd.

The problem: when I connect through ssh or an FTP client using that new user, the new user can see (access) every directory on the computer, and I expected she/he to see only her/his home directory.

I'm on Ubuntu 14.04.

edited Oct 8 '16 at 7:59
gogoud

asked Oct 7 '16 at 20:39
tirengarfio




















          2 Answers
Try

passwd_chroot_enable=yes

passwd_chroot_enable

If enabled, along with chroot_local_user, then a chroot() jail location may be specified on a per-user basis. Each user's jail is derived from their home directory string in /etc/passwd. The occurrence of /./ in the home directory string denotes that the jail is at that particular location in the path.

Also note, AFAIR, vsftpd has to run as root to let any chroot settings work!

See also

run_as_launching_user

[...] Specifically, vsftpd does not / cannot use chroot technology to restrict file access when this option is set (even if launched by root). [...]

edited Oct 7 '16 at 21:06

answered Oct 7 '16 at 21:01
rudimeier











• Thanks, but it doesn't work. I still can access every directory with that user.
  – tirengarfio
  Oct 7 '16 at 21:05

• Have you checked my last edits? Is vsftpd running as root?
  – rudimeier
  Oct 7 '16 at 21:10

My apologies, but I don't have an unmodified copy of /etc/vsftpd.conf from Ubuntu 14.04 handy for comparison. Perhaps this will help.

If you have chroot_list_enable activated, you may provide a list of local users who are placed in a chroot() jail in their home directory upon login.

The meaning is slightly different if chroot_local_user is set to YES. In this case, the list becomes a list of users which are NOT to be placed in a chroot() jail. By default, the file containing this list is /etc/vsftpd.chroot_list, but you may override this with the chroot_list_file setting. An excerpt from the man page for that setting is below.

chroot_list_file

The option is the name of a file containing a list of local users which will be placed in a chroot() jail in their home directory. This option is only relevant if the option chroot_list_enable is enabled. If the option chroot_local_user is enabled, then the list file becomes a list of users to NOT place in a chroot() jail.

Default: /etc/vsftpd.chroot_list

Sources:

https://security.appspot.com/vsftpd/vsftpd_conf.html

https://linux.die.net/man/5/vsftpd.conf

edited Oct 7 '16 at 21:14

answered Oct 7 '16 at 21:06
Elder Geek
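
How the options quoted in the two answers above combine, as an added example (not vsftpd code and not code from either answerer): it resolves, for constructed vsftpd.conf, /etc/passwd and chroot-list contents, which local users an FTP login would jail and where. The function names and sample data are hypothetical, and the YES/TRUE/1 boolean handling is an assumption.

```python
# Added example: models the option interplay described in the answers above.
# Not vsftpd code; every sample value below is constructed.

DEFAULTS = {
    "chroot_local_user": "NO",
    "chroot_list_enable": "NO",
    "passwd_chroot_enable": "NO",
    "run_as_launching_user": "NO",
    "chroot_list_file": "/etc/vsftpd.chroot_list",
}

def parse_conf(text):
    """Parse option=value lines; '#' lines are comments. Trailing
    whitespace is stripped here as a convenience of this example."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key] = value.rstrip()
    return conf

def is_on(conf, key):
    # Assumption: YES/TRUE/1 in any letter case counts as enabled.
    return conf[key].upper() in ("YES", "TRUE", "1")

def parse_passwd(text):
    """Map user name -> home directory string (6th passwd field)."""
    homes = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 7:
            homes[fields[0]] = fields[5]
    return homes

def jail_for(user, home, conf, listed_users):
    """Return the chroot() directory for an FTP login, or None if unjailed."""
    if is_on(conf, "run_as_launching_user"):
        return None  # per the quoted text: chroot cannot be used at all
    local = is_on(conf, "chroot_local_user")
    on_list = is_on(conf, "chroot_list_enable") and user in listed_users
    # chroot_local_user=YES inverts the list: listed users are NOT jailed.
    jailed = (not on_list) if local else on_list
    if not jailed:
        return None
    # passwd_chroot_enable (with chroot_local_user): jail ends at "/./".
    if local and is_on(conf, "passwd_chroot_enable") and "/./" in home:
        return home.split("/./", 1)[0] or "/"
    return home

def audit(conf_text, passwd_text, list_text):
    conf = parse_conf(conf_text)
    listed = {u.strip() for u in list_text.splitlines() if u.strip()}
    homes = parse_passwd(passwd_text)
    return {u: jail_for(u, h, conf, listed) for u, h in homes.items()}

SAMPLE_CONF = "chroot_local_user=YES\nchroot_list_enable=YES\npasswd_chroot_enable=yes\n"
SAMPLE_PASSWD = (
    "new_user:x:1001:1001::/home/new_user:/bin/sh\n"
    "alice:x:1002:1002::/srv/ftp/./alice:/bin/sh\n"
    "admin:x:1003:1003::/home/admin:/bin/bash\n"
)
SAMPLE_LIST = "admin\n"  # contents of the chroot_list_file

if __name__ == "__main__":
    for user, jail in audit(SAMPLE_CONF, SAMPLE_PASSWD, SAMPLE_LIST).items():
        print(f"{user:10} {'NOT JAILED' if jail is None else 'jail=' + jail}")
```

These settings govern FTP logins only; an SSH login as the same user is handled by sshd and is unaffected by vsftpd.conf.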


























