I have set up FTP servers for myself many times in Ubuntu and have never had to worry about allowing users access to all areas of the computer, as it was just me. However, today I wanted to add someone else who could only access their home directory, which proved more difficult than expected. When I tried to do this by switching on chroot_local_user in the vsftpd config, the FTP server would no longer allow me to log in, giving the following error:
500 OOPS: vsftpd: refusing to run with writable root inside chroot()
This cannot be solved in Ubuntu 12.04 by adding the following line (suggested by some sites):
allow_writeable_chroot=YES
The solution is to not switch on chroot_local_user, but to run the following command on each home directory:
sudo chmod 0750 /home/users-name
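Now users can't access each other's directories, even when they log in through ssh, double bonus. Because chroot_local_user stays off, an FTP session is not confined to the home directory, so world-readable files elsewhere on the system remain visible to every user.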
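An added example, not part of the original post: a POSIX shell sketch that lists home directories still accessible to other users and applies the 0750 mode from the step above. The function names and the directory argument are assumptions made for illustration. It relies on GNU stat and on each home directory belonging to the user's own private group, the Ubuntu default.

```shell
#!/bin/sh
# Added example: audit and tighten home directory modes.
# Usage (hypothetical): sh audit_homes.sh /home

# Print the octal mode of a path, e.g. 755 (GNU stat).
mode_of() {
    stat -c '%a' "$1"
}

# Succeed if the "other" permission digit of the directory is non-zero.
other_can_access() {
    m=$(mode_of "$1") || return 2
    other=${m#"${m%?}"}          # last octal digit = bits for "other"
    [ "$other" != 0 ]
}

# Print "<mode> <path>" for every directory directly under $1 that
# grants any permission to users outside the owner and group.
list_loose_homes() {
    for d in "$1"/*/; do
        [ -d "$d" ] || continue  # glob matched nothing
        d=${d%/}
        [ -L "$d" ] && continue  # never follow symlinked entries
        if other_can_access "$d"; then
            printf '%s %s\n' "$(mode_of "$d")" "$d"
        fi
    done
}

# Apply chmod 0750 to each directory reported by list_loose_homes.
# Run as root when the directories belong to other users.
tighten_homes() {
    list_loose_homes "$1" | while read -r mode dir; do
        chmod 0750 "$dir" && printf 'fixed %s (was %s)\n' "$dir" "$mode"
    done
}

# With a directory argument, report only; call tighten_homes to change modes.
if [ "$#" -gt 0 ]; then
    list_loose_homes "$1"
fi
```

Running the report first shows which accounts would be affected before any mode is changed.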
Final vsftpd config:
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
#chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem
CentOS 6 Users
yum install vsftpd
You need to comment out this line in the config file shown above:
secure_chroot_dir=/var/run/vsftpd/empty
You also need to run these commands (as root):
getsebool -a | grep ftp
setsebool -P ftp_home_dir on
getsebool -a | grep ftp
Hi,
Thanks for sharing great post. This is useful to setup Centos ftp server.