Restrict user to a directory vsftpd

The manual:

https://www.krizna.com/ubuntu/setup-ftp-server-on-ubuntu-14-04-vsftpd/

Setup FTP server on Ubuntu 14.04

Step 1 » Update repositories.

$ sudo apt-get update

Step 2 » Install VsFTPD package using the below command.

$ sudo apt-get install vsftpd

Step 3 » After installation open /etc/vsftpd.conf file and make changes as follows.

»Uncomment the below lines (line no:29 and 33).

write_enable=YES
local_umask=022

» Uncomment the below line (line no: 120 ) to prevent access to the other folders outside the Home directory.

chroot_local_user=YES

and add the following line at the end.

allow_writeable_chroot=YES

» Add the following lines to enable passive mode.

pasv_enable=Yes
pasv_min_port=40000
pasv_max_port=40100

Step 4 » Restart vsftpd service using the below command.

$ sudo service vsftpd restart

Step 5 » Now ftp server will listen on port 21. Create user with the below command.

Use the /usr/sbin/nologin shell so that FTP users cannot get a bash shell.

$ sudo useradd -m john -s /usr/sbin/nologin
$ sudo passwd john

Step 6 » Allow login access for the nologin shell. Open /etc/shells and add the following line at the end.

/usr/sbin/nologin
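The settings in Step 3 only jail a user if the active (uncommented) lines add up to that result, and vsftpd's chroot list inverts its meaning depending on chroot_local_user. The following checker is an added example, not code from the question or from the linked guide: it reads a vsftpd.conf the way vsftpd does (comments ignored, later lines override earlier ones), applies the documented chroot_local_user / chroot_list_enable rules, and reports whether a given local user would be able to browse outside its home directory. The option defaults are taken from vsftpd.conf(5); the sample configuration and the user name jer are constructed for the example.

```python
# Added example (not part of the question or the linked guide): a small
# checker that reads vsftpd.conf text the way vsftpd does and reports
# whether a given local user ends up chrooted. Defaults and semantics
# follow vsftpd.conf(5); the sample config below is constructed.

# Upstream vsftpd defaults for the options this checker cares about.
DEFAULTS = {
    "local_enable": "NO",
    "write_enable": "NO",
    "chroot_local_user": "NO",
    "chroot_list_enable": "NO",
    "chroot_list_file": "/etc/vsftpd.chroot_list",
    "allow_writeable_chroot": "NO",
}


def parse_vsftpd_conf(text):
    """Return {option: value} for the active lines of a vsftpd.conf.

    vsftpd processes the file top to bottom and a later line overrides an
    earlier one, so two identical 'chroot_local_user=YES' lines are
    harmless, but a later 'chroot_local_user=NO' silently wins. Lines
    beginning with '#' are comments: a commented-out option is not set.
    """
    settings = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if "=" not in line:
            raise ValueError(f"malformed vsftpd.conf line: {raw!r}")
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def is_yes(value):
    """vsftpd boolean options are case-insensitive (YES/TRUE/1)."""
    return value.strip().upper() in ("YES", "TRUE", "1")


def user_is_chrooted(settings, user, chroot_list_users=()):
    """Apply the chroot_local_user / chroot_list_enable rules.

    chroot_local_user=YES: every local user is jailed, and the chroot list
        (if enabled) names the users who are NOT jailed.
    chroot_local_user=NO:  nobody is jailed, and the chroot list
        (if enabled) names the users who ARE jailed.
    """
    listed = is_yes(settings["chroot_list_enable"]) and user in chroot_list_users
    if is_yes(settings["chroot_local_user"]):
        return not listed
    return listed


def audit(settings, user, chroot_list_users=()):
    """Return human-readable findings for one local user."""
    findings = []
    if not is_yes(settings["local_enable"]):
        findings.append("local_enable is not YES: local accounts cannot log in")
    if not user_is_chrooted(settings, user, chroot_list_users):
        findings.append(
            f"user {user!r} is not chrooted and can browse outside the home directory"
        )
    elif not is_yes(settings["allow_writeable_chroot"]):
        # vsftpd 3.x refuses the login ("500 OOPS ... writable root inside
        # chroot()") when the jail root is writable by the user; the guide's
        # allow_writeable_chroot=YES is what avoids that refusal.
        findings.append(
            "allow_writeable_chroot is NO: the home directory must not be "
            "writable by the user or vsftpd 3.x refuses the login"
        )
    return findings


# Constructed sample: the guide's settings, with a commented-out duplicate
# of chroot_local_user as found in the packaged Ubuntu vsftpd.conf.
SAMPLE_CONF = """\
# Example config for the checker (constructed, not a real server's file)
listen=YES
local_enable=YES
write_enable=YES
local_umask=022
#chroot_local_user=YES
chroot_local_user=YES
allow_writeable_chroot=YES
pasv_enable=Yes
pasv_min_port=40000
pasv_max_port=40100
"""

# Same file with the active chroot line removed: only the commented copy
# remains, so the user can browse the whole filesystem (the symptom asked about).
SAMPLE_CONF_NO_CHROOT = SAMPLE_CONF.replace("\nchroot_local_user=YES", "")

if __name__ == "__main__":
    for name, conf in (("guide", SAMPLE_CONF), ("no chroot", SAMPLE_CONF_NO_CHROOT)):
        print(name, audit(parse_vsftpd_conf(conf), "jer") or ["ok: jer is jailed"])
```

Running it prints no findings for the guide's configuration and one finding for the copy where only the commented-out `#chroot_local_user=YES` survives. The `user_is_chrooted` function also shows why putting a user in /etc/vsftpd.chroot_list while chroot_local_user=YES un-jails that user rather than jailing him.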
Author: Chris G.
Updated on September 18, 2022

Comments

  • Chris G.
    Chris G. over 1 year

    I have a machine on a local network, that I have exposed to the Internet via port forwarding in the router.

    Now how can I expose the serving machine running Kubernetes on docker for mac?

    using minikube you can do:

    minikube tunnel

    But how to do it on mac for mac/desktop?

    Normally the LoadBalancer is created for you if you use a cloud provider.

    • Nephente
      Nephente over 8 years
      Did you set the option chroot_local_user=YES in /etc/vsftpd.conf and restarted the process afterwards?
    • Shikhar Baheti
      Shikhar Baheti over 8 years
      Yes I did that, I set chroot_local_user=YES and then restarted the process but service vsftpd restart. Here is my config file: pastebin.com/S1tf1X6r
    • Nephente
      Nephente over 8 years
      Strange. I just tried it with vsftpd version 3.0.2. Set local_enable=YES; chroot_local_user=YES; allow_writable_chroot=YES. I can log in with a local user account and the server jails me to my home directory, as it should.
    • Shikhar Baheti
      Shikhar Baheti over 8 years
      I'm in my home directory too, but the problem is that I can see other directories as well, which I don't want to happen.
    • Nephente
      Nephente over 8 years
      You mean you can browse out of your home dir and view the content of /home?
    • Shikhar Baheti
      Shikhar Baheti over 8 years
      That is exactly what I mean. I allotted my user to /home/jer. But what jer can do is go anywhere and see everything. He can't edit, download or upload anything, but he can still see everything, open it and copy materials from it, which I don't want.
    • Nephente
      Nephente over 8 years
      Is the user jer in /etc/vsftpd.chroot_list? Together with chroot_local_user=YES this becomes a list of users NOT to chroot.
    • Shikhar Baheti
      Shikhar Baheti over 8 years
      Why is it that I can't see the file /etc/vsftpd.chroot.list? i.imgur.com/EPnDRNQ.png
    • Shikhar Baheti
      Shikhar Baheti over 8 years
      I'm sorry, I reinstalled vsftpd now and I made a vsftpd.chroot list file myself. i.imgur.com/3EPAr8D.png. But there is nothing in it even after I restarted vsftpd.
    • Shikhar Baheti
      Shikhar Baheti over 8 years
      "3) Make all necessary changes within the "files" subdirectory." When I did the process again, it turned out that when I upload things to /home/test/file, the file wasn't being uploaded because of permission denied. Then I changed the file folder's owner to test (username). This is what I meant with "bugged before" i.imgur.com/fwuJ5qs.png
    • Shikhar Baheti
      Shikhar Baheti over 8 years
      There are weirdly two chroot_local_user=YES lines; which one should be uncommented?
    • Marko E
      Marko E almost 3 years
      Yes, you just need to add the port you want it to listen on and the port you are forwarding it to in the pod: kubectl port-forward pod/pod-name local_port:pod_port, I think. Something along those lines. :)
    • Chris G.
      Chris G. almost 3 years
      Thanks, but I am looking to use Istio (ingress gateway), not only pods.
  • Marko E
    Marko E almost 3 years
    Thanks for updating the command from my comment. :)
  • Matt
    Matt almost 3 years
    Just expose the Istio ingress gateway pod/service, because the Istio gateway IS a pod.