Quickzi: How to Jail VSFTPD Users

If you’re worried about FTP users exploring outside of their home directory, you want to set up what is called a chroot jail.

To do this, open the /etc/vsftpd.conf file:

vim /etc/vsftpd.conf

and make the following modification (the line should be uncommented):

chroot_local_user=YES

After you save the file, restart vsftpd:

/etc/init.d/vsftpd restart

Now all users will be jailed to their own home directory when using FTP.

Now, let's say you only want to jail certain users, and allow other users to browse other directories. To do this, you’ll want to again edit the configuration file.

vim /etc/vsftpd.conf

Uncomment the following lines:

chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

After you save the file, restart vsftpd:

/etc/init.d/vsftpd restart

Now you will need to create the /etc/vsftpd.chroot_list file and add the users you do NOT want to jail. Because chroot_local_user=YES is still set, all users are jailed by default, and the users listed in /etc/vsftpd.chroot_list are the ones allowed to browse all directories.
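
The two options interact: with chroot_local_user=YES the list names the users who are exempt, and without it the list names the users who are jailed. The script below is an added example, not part of the original article, that reads a vsftpd.conf and reports which case applies to a given user. The function names and the users alice and bob are made up for illustration, and the sample configuration is constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the article): would vsftpd chroot this local user?
# conf_get FILE KEY DEFAULT: value of the last uncommented KEY= line, else DEFAULT.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# is_yes VALUE: succeeds for YES, TRUE or 1 in any letter case.
is_yes() {
    case $(printf '%s' "$1" | tr '[:lower:]' '[:upper:]') in
        YES|TRUE|1) return 0 ;;
    esac
    return 1
}

# jail_status USER CONF: prints jailed, free, or list-missing.
jail_status() {
    user=$1
    conf=$2
    listed=no
    if is_yes "$(conf_get "$conf" chroot_list_enable NO)"; then
        list=$(conf_get "$conf" chroot_list_file /etc/vsftpd.chroot_list)
        # The article's last step: the list file has to exist once it is enabled.
        [ -r "$list" ] || { echo list-missing; return 0; }
        # One user name per line; match the whole line literally.
        if grep -qxF -- "$user" "$list"; then listed=yes; fi
    fi
    if is_yes "$(conf_get "$conf" chroot_local_user NO)"; then
        # Everyone is jailed and the list names the exceptions.
        if [ "$listed" = yes ]; then echo free; else echo jailed; fi
    else
        # Nobody is jailed and the list names the users to jail.
        if [ "$listed" = yes ]; then echo jailed; else echo free; fi
    fi
}

# Constructed sample: the article's final configuration in a scratch directory.
demo_dir=$(mktemp -d)
cat > "$demo_dir/vsftpd.conf" <<EOF
#chroot_local_user=NO
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=$demo_dir/vsftpd.chroot_list
EOF
printf 'alice\n' > "$demo_dir/vsftpd.chroot_list"   # alice is exempt from the jail
for u in alice bob; do
    echo "$u: $(jail_status "$u" "$demo_dir/vsftpd.conf")"
done
```

Running jail_status against the real /etc/vsftpd.conf for each FTP account is a quick way to confirm that the exemption list contains only the users you meant to let out.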

Prevent users from logging into your system

If you are a system administrator who allows remote access to your server or desktop, you may want to disable certain users from logging into the system both remotely and locally. This article will explain how to prevent certain users from logging into your Linux machine via SSH (OpenSSH_4.4p1) and FTP (vsftpd 2.0.5).

First we must understand that in most cases there are two different ways an allowed user may be logging into your Linux server.