vsftpd
January 5, 2008 at 3:13 pm
local_enable=YES
userlist_enable=YES
userlist_deny=NO
chroot_local_user=YES
chroot_list_enable=YES
anonymous_enable=NO
anon_root=/home/ftp/
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
anon_upload_enable=NO
write_enable=YES
force_dot_files=YES
dirmessage_enable=YES
xferlog_enable=YES
dual_log_enable=YES
connect_from_port_20=YES
ascii_upload_enable=YES
ascii_download_enable=YES
ftpd_banner=Welcome to the FTP server.
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
———————————————————————————————————————————————————–
chroot_list_enable
If activated, you may provide a list of local users who are placed in a chroot() jail in their home directory upon login. The meaning is slightly different if chroot_local_user is set to YES. In this case, the list becomes a list of users which are NOT to be placed in a chroot() jail. By default, the file containing this list is /etc/vsftpd.chroot_list, but you may override this with the chroot_list_file setting.
Default: NO
chroot_local_user
If set to YES, local users will be (by default) placed in a chroot() jail in their home directory after login. Warning: This option has security implications, especially if the users have upload permission, or shell access. Only enable if you know what you are doing. Note that these security implications are not vsftpd specific. They apply to all FTP daemons which offer to put local users in chroot() jails.
Default: NO
So if you have both set to YES, whatever local user that logs in can view every folder/file on your system. I set chroot_local_user to NO and now it locks the user to their home directory. Other than that thanks for the config file, definitely helped.
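The interaction between chroot_local_user and chroot_list_enable, as an added example that is not part of the original post or its comments: a short Python check that applies the man page rules quoted above to a vsftpd.conf and a chroot list file and reports which local users end up jailed. The function names, user names and file contents are constructed for illustration.

```python
# Added example: which local users vsftpd places in a chroot() jail,
# following the chroot_local_user / chroot_list_enable text quoted above.

def parse_conf(text):
    """Parse vsftpd.conf 'key=value' lines; lines starting with '#' are comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key] = value
    return opts

def is_yes(opts, key):
    # Both options default to NO. Simplification: only the value YES is treated as on.
    return opts.get(key, "NO").upper() == "YES"

def jailed(opts, chroot_list, user):
    """Return True if `user` is placed in a chroot() jail at login."""
    chroot_all = is_yes(opts, "chroot_local_user")
    listed = is_yes(opts, "chroot_list_enable") and user in chroot_list
    # chroot_local_user=YES: everyone is jailed, the list names the exceptions.
    # chroot_local_user=NO:  nobody is jailed, the list names who is jailed.
    return (not listed) if chroot_all else listed

def report(conf_text, list_text, users):
    """Map each user to True (jailed) or False (not jailed)."""
    opts = parse_conf(conf_text)
    # list_text stands in for the contents of /etc/vsftpd.chroot_list
    chroot_list = {u.strip() for u in list_text.splitlines() if u.strip()}
    return {u: jailed(opts, chroot_list, u) for u in users}

# Constructed sample input: two local users, one of them named in the list file.
SAMPLE_LIST = "alice\n"
USERS = ["alice", "bob"]
POSTED = "chroot_local_user=YES\nchroot_list_enable=YES\n"   # as in the config above
FLIPPED = "chroot_local_user=NO\nchroot_list_enable=YES\n"

if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("flipped", FLIPPED)):
        for user, in_jail in report(conf, SAMPLE_LIST, USERS).items():
            print(f"{name:8} {user:6} {'jailed' if in_jail else 'NOT jailed'}")
```

Under the quoted rules, the posted settings with an empty list file jail every local user, so the contents of the list file decide who is exempt.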