logo

Chrooted user for VSFTP and Webserver purpose

Date: 2016-12-10

If you need to create a chrooted user for one of your webservers particular folder please read this article.

1. First we need to create a system user

Code:

# useradd test
# passwd test



2. Disable SSH access for FTP users
The default user creation script will give a user the /bin/bash shell, which can be a little too powerful. If you don't want your users logging into your server via SSH, we need to know how to block this access. If you change the shell to /bin/false, the users will only be able to login via ftp or mail if you have that setup. Here is how to modify your users:

Code:

usermod -s /sbin/nologin test



3. Now add group www-data to your test user by issuing:

Code:

usermod -a -G www-data,test test


Where test is the user you want to modify and www-data and test are the new groups you want that user to join. Running the command without the -a argument will remove that user from all groups except group1 and group2.

You can check /etc/groups file to see the result.


4. Configure vsftpd to be chrooted.


5. Root directory for example /var/www/test/ needs to be owned by root user and group. The rest of the folders and files inside this directory should have www-data:test permissions.

6. Change root directory of your user by modifying /etc/passwd

Code:

test:x:1001:1001::/var/www/test:/bin/ftponly


Important: number 1001 above could be different in your case.


read more: https://www.digitalocean.com/community/tutorials/how-to-set-up-vsftpd-for-a-user-s-directory-on-ubuntu-16-04




ubuntudog.com © 2017 | About | Sitemap | Contact