Ubuntu – Vsftpd – restrict users to home directory

Tags: 12.04, chroot, ftp, vsftpd


If I run this config:

listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=NO
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/private/vsftpd.pem

Then I get an error message:

500 OOPS: vsftpd: refusing to run with writable root inside chroot()

However, if I add in allow_writeable_chroot=YES as suggested here, then it just fails to connect:

Connection attempt failed with "ECONNREFUSED – Connection refused by server"

However, if I remove that line that was just added and perform sudo chmod a-w on the user's home directory, they can now connect, but the service is pointless as they can't upload anything.

Is there a way to restrict users to just their home directory, AND be able to connect and write to their home directory? Turning off chroot_local_user is not an option as they can then browse all the other users' directories.

Best Answer

You're looking for the allow_writeable_chroot configuration option, but this does not exist in the version of vsftpd shipped with 12.04. See bug 1065714 for a similar enquiry and details of why we can't have this in 12.04.

Turning off chroot_local_user is not an option as they can then browse all the other users' directories.

Have you considered switching to private user directories by default? If you don't want users to be able to browse other users' directories, then a more secure way of achieving this is with the permission mechanism baked into the system, rather than through each individual service. See the user management section of the server guide for details on how to do this. Would turning off chroot_local_user then be an option for you?
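As an added illustration of the two constraints discussed in this thread (not part of the question or the answer), the POSIX shell audit below reads a home directory's mode bits and reports whether the owner can write to it (which the 12.04 vsftpd refuses as a chroot root) and whether group/other have any access (which is what lets users browse each other's homes once chroot_local_user is off). It assumes a Linux system with GNU stat; the function names are my own.

```shell
#!/bin/sh
# Added example, not from the original question or answer.
# Audits a home directory against the two constraints in the thread:
#   1. chroot_local_user=YES on 12.04 needs a root that is NOT owner-writable,
#      otherwise: "500 OOPS: vsftpd: refusing to run with writable root inside chroot()"
#   2. chroot_local_user=NO is only acceptable if other local users cannot
#      enter or list the home, i.e. no group/other permission bits are set.

# Last three octal permission digits of a path, e.g. "755" (drops setgid/sticky).
mode_bits() {
    p=$(stat -c '%a' "$1") || return 1     # GNU stat (Linux) assumed
    printf '%s\n' "${p#${p%???}}"
}

# Succeeds when the owner has the write bit: vsftpd would refuse it as chroot root.
home_owner_writable() {
    p=$(mode_bits "$1") || return 1
    owner=${p%??}                           # first of the three digits
    [ $((owner & 2)) -ne 0 ]
}

# Succeeds when group and other have no bits at all (mode x00): a private home.
home_private() {
    p=$(mode_bits "$1") || return 1
    [ "${p#?}" = "00" ]
}

# Prints a one-line verdict per constraint; returns 0 if the home is private.
vsftpd_home_check() {
    dir=$1
    if home_owner_writable "$dir"; then
        echo "$dir: owner-writable; chroot_local_user=YES fails on 12.04 (500 OOPS)"
    else
        echo "$dir: not owner-writable; chroot works but uploads are impossible"
    fi
    if home_private "$dir"; then
        echo "$dir: private; chroot_local_user=NO does not expose it to other users"
        return 0
    fi
    # Remediation is the system permission mechanism the answer refers to:
    # chmod 0750 (or 0700) on the home; on Ubuntu, DIR_MODE=0750 in
    # /etc/adduser.conf makes adduser create new homes that way.
    echo "$dir: group/other bits set; other local users can browse it"
    return 1
}
```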