[CentOS] vsftpd

Tue Oct 7 05:40:39 UTC 2008
Mad Unix <madunix at gmail.com>

Hi ALL

I'm using vsftpd as an FTP server, and I'd like to chroot my FTP users
to their home directories, i.e. "jail" each of them in their own home
dir. How can I do it?
At the moment I have the following issue: when users log in to the
FTP server, they end up in the main directory /var/ftp/

/etc/passwd
...
sdc:x:501:501::/var/ftp/sdc:/bin/bash
ase:x:502:501::/var/ftp/ase:/bin/bash
jsc:x:503:501::/var/ftp/jsc/:/bin/bash


[root at linux10 ftp]# pwd
/var/ftp
[root at linux10 ftp]# ls -al
total 28
drwx--x--x  6 root ftpusers 4096 Oct  6 13:46 .
drwxr-xr-x 22 root root     4096 Oct  5 15:42 ..
drwx------  3 ase  ftpusers 4096 Oct  6 20:30 ase
drwx------  3 jsc  ftpusers 4096 Oct  6 17:27 jsc
drwx------  2 pons pons     4096 Oct  6 16:22 pub
drwx------  5 sdc  ftpusers 4096 Oct  6 17:19 sdc

# Chroot settings for local users.
# NOTE(review): per vsftpd.conf(5), when chroot_local_user=YES the meaning of
# chroot_list_file is inverted: it lists the local users who are NOT placed in
# a chroot() jail. Confirm that is the intent of enabling both options.
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list
chroot_local_user=YES
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure that one of the listen options is commented out!
#listen_ipv6=YES

pam_service_name=vsftpd
# userlist_enable makes vsftpd load the user names in userlist_file.
# NOTE(review): userlist_deny is not shown in this excerpt; its documented
# default (YES) means users named in the file are refused before the password
# prompt. Confirm which behaviour is wanted for the file configured below.
userlist_enable=YES
tcp_wrappers=YES
### added for TLS and SSL permission
ssl_enable=YES
allow_anon_ssl=NO
# NOTE(review): logins are forced onto SSL/TLS (force_local_logins_ssl=YES),
# but with force_local_data_ssl=NO the data connections (file contents and
# directory listings) may still be transferred unencrypted.
force_local_data_ssl=NO
force_local_logins_ssl=YES
ssl_tlsv1=YES
# NOTE(review): SSLv2 and SSLv3 are obsolete protocols with known weaknesses
# and both default to NO in vsftpd. Enabling them lets a client negotiate
# something weaker than TLS; consider leaving only ssl_tlsv1 enabled.
ssl_sslv2=YES
ssl_sslv3=YES
# Certificate and private key are read from the same PEM file.
# NOTE(review): because this file holds the private key, it should presumably
# be readable by root only -- confirm its ownership and mode.
rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vsftpd.pem
# NOTE(review): local_root is the directory vsftpd tries to change into after
# every local (non-anonymous) login. Pointing it at /var/ftp matches the
# reported symptom of users landing in /var/ftp instead of their own home
# directory; with chroot_local_user=YES the jail is then presumably /var/ftp
# too, so users are not confined to their own home -- confirm, and consider
# removing this line so the home directory from /etc/passwd is used.
local_root=/var/ftp
#userlist_file=/etc/vsftpd/ftpusers
userlist_file=/etc/vsftpd/ftpusers
#userlist_file=/etc/vsftpd/user_list
pasv_enable=YES
# Rate and connection limits. max_rate values are in bytes per second;
# local_max_rate=0 means unlimited for local users.
# NOTE(review): anonymous_enable is not visible in this excerpt -- confirm it
# is set as intended, since anon_max_rate only matters for anonymous logins.
anon_max_rate=10485760
local_max_rate=0
max_clients=500
max_per_ip=4
# With chroot_local_user enabled, passwd_chroot_enable derives each user's jail
# from the home directory string in /etc/passwd; a "/./" in that string marks
# where the jail root is.
# NOTE(review): vsftpd.conf(5) warns that chrooting local users has security
# implications when they have upload permission or shell access -- review the
# login shells and write permissions of the FTP accounts.
passwd_chroot_enable=YES