chroot jails keep your users locked in a directory so they can't wander about the filesystem to places they have no business poking their noses into.
Alrighty, let's implement this in our vsftpd server so that you don't have your FTP users peeking at the passwd and shadow files. We assume you've already created your FTP user and have set their home directory to the uploads directory. This was covered in the previous article - Setting up vsftpd on Ubuntu.
Now here's the glitch - your uploads folder has to be writable, but chroot requires that your root / parent folder into which the user chroots is not writable. Okay, let's tackle this -
First of all, check the vsftpd version you're currently running and make sure it's above v3 -
$ vsftpd -v
vsftpd: version 3.0.2
Now, edit the /etc/vsftpd.conf file -
$ sudo vi /etc/vsftpd.conf
and change/add the following lines:
And restart our vsftpd server -
$ sudo service vsftpd restart
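To check the writable-uploads versus non-writable-root constraint described above, here is an added example (not the article's own code or configuration) that audits a jail layout against a vsftpd.conf. It assumes a jail root with an uploads subdirectory; chroot_local_user and allow_writeable_chroot are real vsftpd options, but the paths and config values are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the article. Paths and config values are constructed.

# conf_get FILE KEY: print the last value assigned to KEY (key=value lines, '#' comments).
conf_get() {
    awk -F= -v k="$2" '$1 == k { v = $2; sub(/[ \t\r]+$/, "", v) } END { print v }' "$1"
}

# has_write_bit DIR: succeed if any write bit (user, group or other) is set.
# Stricter than "writable by the FTP user", so the result does not depend on who runs it.
has_write_bit() {
    local mode
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 0222 )) -ne 0 ]
}

# audit_jail CONF ROOT UPLOADS: print a verdict; return 0 only for "ok".
# Only the chroot_local_user=YES form of jailing is recognised here.
audit_jail() {
    local conf="$1" root="$2" uploads="$3"
    { [ -d "$root" ] && [ -d "$uploads" ]; } || { echo "missing-dir"; return 1; }
    [ "$(conf_get "$conf" chroot_local_user)" = "YES" ] || { echo "not-jailed"; return 1; }
    if has_write_bit "$root"; then
        # vsftpd 3.x refuses the login unless allow_writeable_chroot=YES; with that
        # override the login works but the user can modify the top of the jail.
        if [ "$(conf_get "$conf" allow_writeable_chroot)" = "YES" ]; then
            echo "writable-root-allowed"
        else
            echo "writable-root-refused"
        fi
        return 1
    fi
    has_write_bit "$uploads" || { echo "uploads-not-writable"; return 1; }
    echo "ok"
}

demo() {
    local t
    t=$(mktemp -d) || return 1
    mkdir -p "$t/jail/uploads"
    printf '# constructed sample\nchroot_local_user=YES\n' > "$t/vsftpd.conf"
    chmod 755 "$t/jail"
    audit_jail "$t/vsftpd.conf" "$t/jail" "$t/jail/uploads" || true   # writable-root-refused
    chmod 555 "$t/jail"
    audit_jail "$t/vsftpd.conf" "$t/jail" "$t/jail/uploads"           # ok
    chmod -R u+w "$t"; rm -rf "$t"
}
demo
```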
We want to ensure that the user isn't a pesky one, who bypasses all the restrictions we just put in place with our new vsftpd configuration, by SSH-ing into the box.
There are a lot of ways to tackle this, but I'm going to use a dummy shell to do so.
First, we create an empty file in our /bin directory called fakeshell -
$ sudo touch /bin/fakeshell
Next, I modify the user created in the previous post (uploader) to use this shell by default.
$ sudo usermod -s /bin/fakeshell uploader
# Just to confirm
$ tail -1 /etc/passwd
Now when you try to SSH with your FTP user credentials:
$ ssh email@example.com
Permission denied, please try again.
And that's it, you have created a chroot jail which your FTP users can't get out of, and they can't SSH into your box either!