What is a Chroot Jail?
[Definition from Wikipedia]
A chroot on Unix operating systems is an operation that changes the apparent disk root directory for the current running process. Read more about chroot and its implementation.


Why use Chroot Jail in VSFTPD?
A chroot jail ensures that a user who logs in over FTP cannot access the filesystem outside of their home directory. For example, if chroot is not enabled, a user who logs in to the FTP server can try to access any location, such as /etc/httpd/conf or other directories under /etc.

[Screenshot: chroot jail disabled]

As the screenshot above shows, a normal user ‘tecadmin’ can view the Apache configuration files. In fact, the user can go anywhere (all directories) in the system.

Enable Chroot Jail in VSFTPD

To enable the chroot jail in vsftpd, edit the vsftpd configuration file in your favorite editor:

# vim /etc/vsftpd/vsftpd.conf

and uncomment or add the following entry in the configuration file:

chroot_local_user=YES

After adding the above line, save the file and restart the vsftpd service.

# service vsftpd restart

Now your vsftpd server has the chroot jail enabled, and all users have access limited to their home directory.
Check the screenshot below, taken after enabling the chroot jail, and compare it with the earlier screenshot.

You can see that the user ‘tecadmin’ now has access limited to their home directory only.
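To confirm the setting without logging in over FTP, the configuration file can be checked directly. The script below is an added example, not part of the original article; the function names and status labels are hypothetical. It also covers vsftpd's chroot_list_enable option, which is not discussed above: when it is set together with chroot_local_user=YES, the users named in chroot_list_file are exempt from the jail.

```shell
#!/bin/sh
# Added example (not from the original article): classify a vsftpd.conf's chroot setup.

# Print YES or NO for boolean option $2 in config file $1 (default NO, as for
# both options used below). vsftpd's syntax is option=value with no spaces
# around "="; "#" lines are comments, so a commented-out entry never matches.
# Assumption: if an option is repeated, the last occurrence is the one in effect.
vsftpd_bool() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr 'a-z' 'A-Z')
    case "$val" in
        YES|TRUE|1) echo YES ;;
        *)          echo NO ;;
    esac
}

# Classify how local users are confined:
#   jailed-all          chroot_local_user=YES, no exception list
#   jailed-except-list  chroot_local_user=YES plus chroot_list_enable=YES;
#                       users named in chroot_list_file are then NOT jailed
#   jailed-list-only    only users named in chroot_list_file are jailed
#   not-jailed          neither option is on
chroot_status() {
    local_user=$(vsftpd_bool "$1" chroot_local_user)
    list_enable=$(vsftpd_bool "$1" chroot_list_enable)
    case "$local_user/$list_enable" in
        YES/YES) echo jailed-except-list ;;
        YES/NO)  echo jailed-all ;;
        NO/YES)  echo jailed-list-only ;;
        *)       echo not-jailed ;;
    esac
}

# Constructed sample: the entry is still commented out, so users are not jailed.
sample=$(mktemp)
printf '%s\n' 'local_enable=YES' '#chroot_local_user=YES' > "$sample"
echo "sample config: $(chroot_status "$sample")"
rm -f "$sample"
```

On a real server, call chroot_status with /etc/vsftpd/vsftpd.conf; anything other than jailed-all means at least some local users can still leave their home directory.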
