vsftpd – How to chroot FTP Users to Their Home Directories

29/12/2020
chroot is a very important security feature of FTP servers.

When users log in to an FTP server, you don’t want them to browse your entire filesystem. You only want them to browse the files that they are allowed to access, usually those in their home directories. This is what chroot does. It locks the users in their home directories. The users can only browse the files and directories in their home directory. No matter how hard they try, they won’t be able to go outside their home directories.

In this article, I am going to show you how to use vsftpd chroot to lock users in their home directories. I am going to consider this article an extension of the article Manage Apache 2 VirtualHost with Macro on Ubuntu 18.04 LTS or How to Configure Apache VirtualHost on Ubuntu 18.04 LTS. Be sure to read these articles to set up all the FTP users and home directories. So, let’s get started.

How I want to Configure vsftpd:

In the Apache VirtualHost articles above, I’ve shown you how to set up Apache VirtualHost and host multiple websites on a single web server.

Now, I want to let all the website owners (users) upload the required files to their web server using FTP. So, I am going to configure vsftpd in a way that makes this possible.

Installing vsftpd on Ubuntu:

On Ubuntu, you can easily install vsftpd from the official package repository of Ubuntu with the APT package manager.

First, update the APT package manager cache with the following command:

$ sudo apt update

Now, install vsftpd with the following command:

$ sudo apt install vsftpd

vsftpd should be installed.

Configuring vsftpd:

The vsftpd configuration file is /etc/vsftpd.conf.

It’s always a good idea to keep a backup of the original vsftpd configuration file.

To create a backup vsftpd configuration file /etc/vsftpd.conf.backup, run the following command:

$ sudo mv -v /etc/vsftpd.conf /etc/vsftpd.conf.backup

Now, create a new /etc/vsftpd.conf file with the following command:

$ sudo nano /etc/vsftpd.conf

Now, type in the following lines and save the file by pressing <Ctrl> + x followed by y and <Enter>.

listen=YES
listen_ipv6=NO
connect_from_port_20=YES

anonymous_enable=NO
local_enable=YES
write_enable=YES
chroot_local_user=YES
allow_writeable_chroot=YES
secure_chroot_dir=/var/run/vsftpd/empty

pam_service_name=vsftpd

pasv_enable=YES
pasv_min_port=40000
pasv_max_port=45000

userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO

Finally, the /etc/vsftpd.conf configuration file looks like this.

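Here, the chroot_local_user option is responsible for locking the users in their home directories.

The allow_writeable_chroot option lets users log in even though their home directory, which becomes the root of the chroot, is writable by them. Without it, vsftpd refuses logins into a writable chroot directory.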

Now, restart the vsftpd service with the following command:

$ sudo systemctl restart vsftpd

Now, check whether the vsftpd service is running with the following command:

$ sudo systemctl status vsftpd

Great! The vsftpd service is running.

Now, you have to list every user who should be able to connect and upload files to their home directory in the /etc/vsftpd.userlist configuration file.

Open the /etc/vsftpd.userlist configuration file with the following command:

$ sudo nano /etc/vsftpd.userlist

Now, type in all the usernames that you want to allow access to their home directories via FTP here. Then, save the file by pressing <Ctrl> + x followed by y and <Enter>.
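To confirm that a vsftpd.conf really has the jail and the allow list described above switched on, the following added example (not part of the original article) reads a config file and reports the settings that matter. The function names conf_get and audit_vsftpd are hypothetical, the defaults used for missing options are those documented in vsftpd.conf(5), and booleans are assumed to be written as YES/NO, as in the config above.

```shell
#!/bin/sh
# Added example (not from the article). Defaults are those in vsftpd.conf(5).
# Assumption: booleans are written as YES/NO, as in the article's config.

# conf_get FILE KEY DEFAULT: print the last value assigned to KEY, else DEFAULT.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# audit_vsftpd FILE: print one finding per line; return 1 if any FAIL is found.
audit_vsftpd() {
    conf=$1
    rc=0
    if [ "$(conf_get "$conf" anonymous_enable YES)" != NO ]; then
        echo "FAIL anonymous_enable: anonymous logins are allowed"; rc=1
    fi
    if [ "$(conf_get "$conf" chroot_local_user NO)" != YES ]; then
        echo "FAIL chroot_local_user: local users are not jailed"; rc=1
    elif [ "$(conf_get "$conf" chroot_list_enable NO)" = YES ]; then
        # With chroot_local_user=YES, chroot_list_file names users who are NOT jailed.
        echo "WARN chroot_list_enable: users in chroot_list_file are not jailed"
    fi
    if [ "$(conf_get "$conf" userlist_enable NO)" != YES ]; then
        echo "FAIL userlist_enable: userlist_file is ignored"; rc=1
    elif [ "$(conf_get "$conf" userlist_deny YES)" != NO ]; then
        echo "FAIL userlist_deny: userlist_file is a deny list, not an allow list"; rc=1
    fi
    if [ "$(conf_get "$conf" allow_writeable_chroot NO)" = YES ]; then
        echo "WARN allow_writeable_chroot: jail root is writable by the user"
    fi
    return "$rc"
}

# Constructed sample: chroot is on, but userlist_deny is left at its default.
demo() {
    tmp=$(mktemp)
    printf '%s\n' 'anonymous_enable=NO' 'local_enable=YES' \
        'chroot_local_user=YES' 'chroot_list_enable=YES' \
        'userlist_enable=YES' > "$tmp"
    audit_vsftpd "$tmp"
    status=$?
    rm -f "$tmp"
    return "$status"
}

demo || echo "audit found FAIL items"
```

Run against the configuration from this article, audit_vsftpd /etc/vsftpd.conf reports only the allow_writeable_chroot warning.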

Accessing the FTP Server:

Now, you can use any FTP client to connect to your FTP server. The most popular FTP client is FileZilla.

On Linux, you can also use Nautilus file manager to connect to your FTP server.

On Windows, you can add your FTP server as a network location and upload files there.

First, you have to know the IP address or host name of your FTP server.

You can find out the IP address of your FTP server with the following command:

$ ip a | egrep "inet "

As you can see, the IP address of my FTP server is 192.168.21.187. It should be different for you. So, make sure you replace it with yours from now on.

Using Nautilus to Access FTP Server:

If you want to log in to your FTP server using Nautilus on Linux, first, open Nautilus and click on Other Locations. Then, type in ftp://username@IP_ADDR or ftp://username@DOMAIN_NAME in the Connect to Server section. Then, click on Connect.

Now, type in the password for your user (in my case, alice) and click on Unlock. You may also check Remember Password, if you want Nautilus to remember the login credentials. Otherwise, just leave it unchecked.

You should be logged in. As you can see, the www directory is here.

As you can see, I can navigate further down the directory tree.

The index.html file is also inside the public_html/ directory.

As you can see, I uploaded a file and it works. I can also access the html file from the Apache server.

Adding FTP Network Location on Windows:

If you want to log in to your FTP server and use it on Windows by adding a network location, then check out the Accessing the FTP Server section of the article How to Setup an FTP Server with vsftpd on Ubuntu 18.04 LTS.

So, that’s how you set up vsftpd and configure it to chroot FTP users to their home directories. Thanks for reading this article.
