How to lock ftp user in a specific folder?

S

SlyDeath2019-01-09 09:54:28

FTP

SlyDeath, 2019-01-09 09:54:28

Hello!
The answer didn't come up. chroot_local_user=YES doesn't help, the user can still move above his home directory. I noticed that some servers when logging in via FTP show the path not /var/www/ftp but simply / and there is no link to the rise above in principle. How can this be configured with vsftpd?

listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
ssl_ciphers=HIGH
user_sub_token=$USER
local_root=/var/www/ftp
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

S

SlyDeath, 2019-01-09
@SlyDeath

Decided!
Removed:

chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

And he added:
Both commentators suggested a solution. Thank you! :)
The error occurs when the account from which the connection is made has write permissions to the root home directory, and a secure connection via TLS is also used. In vsFTPd, by default, this results in an error. And I also had to give an entry to the root, not a subfolder. The allow_writeable_chroot directive allows writing to the root of the chroot.

D

Dmitry, 2019-01-09
@q2digger

It's strange, I checked, everything works as it should - chroot in my folder, I can't go higher.
but i don't use

chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

Do you have a sheet that contains the correct users?