0

System: Ubuntu 18.04 Server, VSFTPD installed.

What I got so far:

    sudo adduser user
    sudo mkdir -p /opt/chroot/transfer
    sudo chown user /opt/chroot/transfer

/etc/ssh/sshd_config

    Include /etc/ssh/sshd_config.d/*.conf
    Port 22
    ChallengeResponseAuthentication no
    ChallengeResponseAuthentication no
    UsePAM yes
    X11Forwarding yes
    PrintMotd no
    #ChrootDirectory /opt/chroot/transfer (
    AcceptEnv LANG LC_*
    Subsystem sftp /usr/lib/openssh/sftp-server

    # Example of overriding settings on a per-user basis
    Match User user
        X11Forwarding no
        AllowTcpForwarding no
        PermitTTY no
        ForceCommand cvs server
        PasswordAuthentication yes

/etc/vsftpd.conf

    listen=NO
    listen_ipv6=YES
    anonymous_enable=NO
    local_enable=YES
    write_enable=NO
    dirmessage_enable=YES
    use_localtime=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    chroot_local_user=YES
    chroot_list_enable=YES
    chroot_list_file=/etc/vsftpd.chroot_list
    secure_chroot_dir=/var/run/vsftpd/empty
    pam_service_name=vsftpd
    rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
    rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
    ssl_enable=NO
    allow_writeable_chroot=YES

I can't get any further. User can access anywhere. :/ User is supposed to only have access via ssh (port 22) to /opt/chroot/transfer.

nm82
  • 11

1 Answer

0

The solution:

Install vsftpd using this as a guide.

  • Create user with useradd [user_name].

  • Create user's password with passwd [user_name]. (You'll be prompted to specify the password).

  • Create FTP directory in /var/ftp and then bind to the 'home' directory you wish to specify for this user with mount --bind /var/www/vhosts/domain.com/ /var/ftp/custom_name/.

  • Change user's home directory with usermod -d /var/ftp/custom_name/ user_name

In /etc/vsftpd/vsftpd.conf, ensure all of the following are set:-

    chroot_local_user=YES
    chroot_list_enable=YES
    chroot_list_file=/etc/vsftpd.chroot_list

Only list users in the vsftpd.chroot_list file if you want them to have full access to anywhere on the server. By not listing them in this file, you're saying restrict all vsftpd users to their specified home directory.

In other words (for reference):-

  1. means that by default, ALL users get chrooted except users in the file...

         chroot_local_user=YES
         chroot_list_enable=YES

  2. means that by default, ONLY users in the file get chrooted...

         chroot_local_user=NO
         chroot_list_enable=YES

Source: User zigojacko

https://serverfault.com/questions/544850/create-new-vsftpd-user-and-lock-to-specify-home-login-directory

nm82
  • 11
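
As an added example (not part of the original post or of vsftpd itself), this Python check resolves the two option combinations described in the answer for a given account and flags accounts that escape the jail. The sample list containing `admin` is constructed, and the assumption that unset options default to NO follows the vsftpd.conf man page.

```python
# Added example: resolve vsftpd's chroot decision for local users.
TRUE_VALUES = {"YES", "TRUE", "1"}

def parse_conf(text):
    """Return {option: value} from vsftpd.conf text (option=value, '#' comments)."""
    opts = {}
    for line in text.splitlines():
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value  # in this parser a repeated option overwrites the earlier one
    return opts

def flag(opts, name):
    """Boolean option; the three flags used below are assumed to default to NO."""
    return opts.get(name, "NO").upper() in TRUE_VALUES

def listed_users(list_text):
    """One user name per line, as in chroot_list_file."""
    return {ln.strip() for ln in list_text.splitlines() if ln.strip()}

def is_chrooted(conf_text, list_text, user):
    """chroot_local_user sets the default; a listed user gets the opposite of it."""
    opts = parse_conf(conf_text)
    default = flag(opts, "chroot_local_user")
    inverted = flag(opts, "chroot_list_enable") and user in listed_users(list_text)
    return default != inverted

def audit(conf_text, list_text, users):
    """Return findings worth reviewing before accounts are handed out."""
    findings = [f"{u}: NOT chrooted, not confined to the home directory"
                for u in users if not is_chrooted(conf_text, list_text, u)]
    if flag(parse_conf(conf_text), "allow_writeable_chroot"):
        findings.append("allow_writeable_chroot=YES: jail root may be writable by the user")
    return findings

# Constructed sample input: the chroot options from the question's vsftpd.conf,
# plus a hypothetical /etc/vsftpd.chroot_list holding one account, "admin".
SAMPLE_CONF = """\
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
allow_writeable_chroot=YES
"""
SAMPLE_LIST = "admin\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, SAMPLE_LIST, ["user", "admin"]):
        print(finding)
```

With the question's settings, `user` is jailed and only the listed `admin` account is reported as unconfined, alongside the `allow_writeable_chroot` finding.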