Ubuntu – Error message “500 OOPS: vsftpd: refusing to run with writable root inside chroot()” – keep user jailed

12.04 vsftpd webserver

So far I have been unable to keep an FTP user jailed to their website directory. Is there a solution that both fixes this bug and keeps the user jailed to their directory?

My vsFTPd settings that I changed:

listen_port=9000
Set: anonymous_enable=NO
Uncomment: local_enable=YES
Uncomment: write_enable=YES
Uncomment: local_umask=022
Set: connect_from_port_20=NO
Uncomment: idle_session_timeout=600
Uncomment: data_connection_timeout=120
Comment out: #ftpd_banner=Welcome to blah FTP service. [should be on line 104]
Added: banner_file=/etc/issue.net
Uncomment: chroot_local_user=YES
Uncomment: chroot_list_enable=YES
Uncomment: chroot_list_file=/etc/vsftpd.chroot_list

At the end of the file I added:

# Show hidden files and the "." and ".." folders.
# Useful to not write over hidden files:
force_dot_files=YES

# Hide the info about the owner (user and group) of the files.
hide_ids=YES

# Connection limit for each IP address:
max_per_ip=10

# Maximum number of clients:
max_clients=5

# FTP Passive Settings
pasv_enable=YES
#If your listen_port is 9000 set this range to 7500 and 8500
pasv_min_port=[port range min]
pasv_max_port=[port range max]

The user in question, mybloguser, is jailed to her/his website directory under /srv/www/myblog and this user is not part of the nano /etc/vsftpd.chroot_list file. The user’s home directory is also /srv/www/myblog which used to work in the past.

I tried the allow_writeable_chroot=YES solution which did not work, and actually broke vsFTPd completely.

I have tried:

How can we both fix this error and keep the user jailed to their home directory?

Best Answer

For VSFTPD 3,

  1. Go to: /etc/vsftpd.conf
  2. and add this:

    allow_writeable_chroot=YES

    Just add it if it does not exist yet.

  3. Restart the vsftpd service:

    service vsftpd restart

And it should work.
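
A check for the settings discussed in this thread, as an added example that is not part of the original question or answer: it reads the chroot options from a vsftpd.conf-style file and reports whether a given user is jailed and whether the jail root is writable, which is the condition behind the "refusing to run with writable root" message. The function names and status words are hypothetical; it assumes GNU `stat` and approximates write access from mode bits only.

```shell
#!/bin/sh
# Added example (not from the original post): predict how vsftpd treats one
# local user's chroot. Assumes GNU stat; only literal YES/NO values are read.

# conf_get FILE KEY DEFAULT: value of KEY=VALUE in FILE, last setting wins.
conf_get() {
    v=$(grep -E "^$2=" "$1" 2>/dev/null | tail -n 1 | cut -d= -f2-)
    printf '%s\n' "${v:-$3}"
}

# has_w DIGIT: true if the octal permission digit includes the write bit.
has_w() { case "$1" in 2|3|6|7) return 0 ;; *) return 1 ;; esac; }

# user_can_write USER DIR: mode-bit approximation (ACLs are ignored).
user_can_write() {
    owner=$(stat -c %U "$2"); group=$(stat -c %G "$2")
    m=$(printf '%04d' "$(stat -c %a "$2")"); m=${m#?}   # three octal digits
    if [ "$owner" = "$1" ]; then has_w "${m%??}"; return; fi
    if id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -qxF "$group"; then
        g=${m%?}; has_w "${g#?}"; return
    fi
    has_w "${m#??}"
}

# chroot_status CONF USER HOME: prints one status word.
chroot_status() {
    all=$(conf_get "$1" chroot_local_user NO)
    listed=NO
    if [ "$(conf_get "$1" chroot_list_enable NO)" = YES ] &&
       grep -qxF "$2" "$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)" 2>/dev/null
    then listed=YES; fi
    # chroot_local_user=YES: the list names users who are NOT jailed.
    # chroot_local_user=NO:  the list names the only users who are.
    if [ "$all" = "$listed" ]; then echo not-jailed; return; fi
    if ! user_can_write "$2" "$3"; then echo jailed-ok; return; fi
    if [ "$(conf_get "$1" allow_writeable_chroot NO)" = YES ]; then
        echo jailed-writable-root-allowed
    else
        echo jailed-writable-root-refused   # the "500 OOPS" case on this page
    fi
}

# Example call with the values from the question:
#   chroot_status /etc/vsftpd.conf mybloguser /srv/www/myblog
if [ $# -eq 3 ]; then chroot_status "$@"; fi
```

A `jailed-ok` result means the jail root is not writable by the user, which is the state vsftpd accepts without `allow_writeable_chroot`.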