I want to configure the vsftpd service and limit a user to one specific directory. I took the steps below to configure vsftpd:
1- I created an account and set a password for it:
# useradd jason
# passwd jason
Then I changed vsftpd configuration as below:
# Main vsftpd configuration as posted. vsftpd only accepts comments on their
# own lines, so every note below sits above the directive it describes.
# NOTE(review): these settings constrain only sessions served by vsftpd. If the
# client connects over SFTP (SSH), sshd serves the session and nothing in this
# file applies - confirm which protocol FileZilla is actually using.

# No anonymous logins; only local system accounts may authenticate.
anonymous_enable=NO
local_enable=YES
# Allow FTP commands that modify the filesystem (upload, delete, rename, mkdir).
write_enable=YES
# New files are created 0644 and new directories 0755.
local_umask=022
dirmessage_enable=YES
# Transfer log plus a full FTP command/response log, useful when diagnosing
# which directory a session really starts in.
# NOTE(review): log_ftp_protocol is documented as taking effect only when
# xferlog_std_format is not enabled - confirm against the installed defaults.
xferlog_enable=YES
log_ftp_protocol=YES
connect_from_port_20=YES
# Confine every local user to the directory they are placed in at login.
# No chroot_list_enable / chroot_list_file appears in this listing, so no user
# is exempted here.
# NOTE(review): recent vsftpd releases refuse the login when the chroot root is
# writable by the user. Prefer a non-writable root with a writable
# subdirectory over setting allow_writeable_chroot=YES.
chroot_local_user=YES
# Standalone daemon on the IPv6 socket; listen and listen_ipv6 are mutually
# exclusive, hence listen=NO.
listen=NO
listen_ipv6=Yes
pam_service_name=vsftpd
# Home User
# With userlist_deny=NO the user list is an allow-list: only accounts named in
# the userlist file may log in.
userlist_enable=YES
# NOTE(review): virtual_use_local_privs affects virtual (guest) users only, and
# guest_enable is not set in this listing, so this line presumably has no effect.
virtual_use_local_privs=YES
userlist_deny=NO
# NOTE(review): no user_config_dir= directive appears in this listing. Without
# it vsftpd does not read per-user override files, so the file created later
# under /etc/vsftpd/user_config_dir/ (with local_root) would never be applied.
##
# Explicit FTP over TLS. SSLv2 and SSLv3 are disabled and TLS 1.2 is enabled.
# NOTE(review): ssl_tlsv1 is not set here, so its version-dependent default
# applies; set ssl_tlsv1=NO explicitly if older TLS must be refused.
ssl_enable=YES
ssl_tlsv1_2=YES
ssl_sslv2=NO
ssl_sslv3=NO
# Passive-mode data port range; the firewall must allow exactly this range.
pasv_min_port=40000
pasv_max_port=50000
# Certificate and private key are read from the same PEM file. Because it holds
# the private key, it should be readable by root only.
rsa_cert_file=/etc/ssl/private/vsftpd.pem
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
allow_anon_ssl=NO
# Require TLS for both the login and the data channel, so passwords and file
# contents are never sent in clear text.
force_local_data_ssl=YES
force_local_logins_ssl=YES
# NOTE(review): NO drops the requirement that data connections reuse the
# control channel's TLS session, a check that ties each data connection to the
# authenticated session. FileZilla supports session reuse, so consider YES.
require_ssl_reuse=NO
# OpenSSL cipher string: restrict to the HIGH strength group.
ssl_ciphers=HIGH
# Writes TLS connection diagnostics to the vsftpd log. Intended for
# troubleshooting; turn off once TLS works.
debug_ssl=YES
# mkdir /etc/vsftpd/user_config_dir/
# touch /etc/vsftpd/user_config_dir/jason
# Per-user overrides for jason (the file /etc/vsftpd/user_config_dir/jason).
# vsftpd reads this file only when the main configuration sets user_config_dir
# to the directory that contains it, and the file name must match the login name.
# Directory vsftpd changes into after jason logs in. With chroot_local_user=YES
# in the main configuration this presumably becomes the root of the jail.
# NOTE(review): if jason can write to /var/www/wp/ itself, recent vsftpd
# versions refuse the chrooted login. Keep the jail root non-writable and
# grant write access on a subdirectory instead.
local_root=/var/www/wp/
write_enable=YES
# cat ftpusers
# Users that are not allowed to login via ftp
root
bin
daemon
adm
lp
sync
shutdown
halt
mail
news
uucp
operator
games
nobody
# cat user_list
# vsftpd userlist
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
#root
#bin
#daemon
#adm
#lp
#sync
#shutdown
#halt
#mail
#news
#uucp
#operator
#games
#nobody
jason
I'm using FileZilla and can connect to the FTP server, but the jason user sees its home directory and can see other parts of the system too.
What is my problem? Which part is wrong?
Thank you.