If you’re worried about FTP users exploring outside of their home directory, you want to set up what is called a chroot jail.

To do this, open the /etc/vsftpd.conf file:

vim /etc/vsftpd.conf

and make the following modifications (line should be uncommented):

chroot_local_user=YES

After you save the file, restart vsftpd:

/etc/init.d/vsftpd restart

Now all users will be jailed to their own home directory when using FTP.
Now, lets say you only want to jail certain users, and allow other users to browse other directories. To do this, you’ll want to again edit the configuration file.

vim /etc/vsftpd.conf

uncomment the following lines:

chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

After you save the file, restart vsftpd:

/etc/init.d/vsftpd restart

Now you will need to create the /etc/vsftpd.chroot_list file and add in users you do NOT want to jail. By default, all users will be jailed. In the /etc/vsftpd.chroot_list file you can specify what users to allow to browse all directories.

Popularity: 5% [?]