How to install and configure FTP server with chroot in Ubuntu 12.04 LTS

May 21, 2013 by Sharad Chhetri

In this tutorial we will learn how to configure an FTP server with chroot enabled in Ubuntu 12.04 LTS.

Advantage: With chroot enabled, an FTP user is confined to its home directory after login. The user cannot change to any directory outside its own home directory.
We can also define which users are allowed to change to other system directories in addition to their home directory.

Note: We will install the vsftpd 3.0 package after downloading it onto the system. We are not going to use the “apt-get install” method, because the packaged version has a bug related to enabling chroot. For reference: https://sharadchhetri.com/2013/05/20/500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/

Follow the steps given below.

Step 1: Download the vsftpd package and install it

tux@ubuntu:~$ sudo su -
[sudo] password for tux:
root@ubuntu:~#
root@ubuntu:~# cd /root/
root@ubuntu:~# wget http://security.ubuntu.com/ubuntu/pool/main/v/vsftpd/vsftpd_3.0.2-1ubuntu2_i386.deb
    
    Resolving security.ubuntu.com (security.ubuntu.com)… 91.189.92.190, 91.189.92.201, 91.189.92.202, …
    Connecting to security.ubuntu.com (security.ubuntu.com)|91.189.92.190|:80… connected.
    HTTP request sent, awaiting response… 200 OK
    Length: 114714 (112K) [application/x-debian-package]
    Saving to: `vsftpd_3.0.2-1ubuntu2_i386.deb’

    100%[=========================================================================================>] 114,714 219K/s in 0.5s

    2013-05-20 09:36:21 (219 KB/s) – `vsftpd_3.0.2-1ubuntu2_i386.deb’ saved [114714/114714]

root@ubuntu:~#
root@ubuntu:~#
root@ubuntu:~# dpkg -i vsftpd_3.0.2-1ubuntu2_i386.deb

 #### Install the dependency of VSFTPD ####

root@ubuntu:~ # apt-get install libcap2
    

Step 3: Take a backup of the original vsftpd.conf file

#cp -p vsftpd.conf.dpkg-new vsftpd.conf
# cp -p /etc/vsftpd.conf /etc/vsftpd.conf.orig

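Step 4: Enable the parameters given below in the /etc/vsftpd.conf file. The last one, allow_writeable_chroot=YES, lets vsftpd accept a chroot whose root (the user's home directory) is writable by that user.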

root@ubuntu:/# vi /etc/vsftpd.conf
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES

dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
allow_writeable_chroot=YES
root@ubuntu:/#

Step 5: Now restart the vsftpd service

 service vsftpd restart 

Step 6: Now you can log in to the FTP server and upload and download files. Use the command line, a web browser or any FTP client such as FileZilla, Cyberduck or FireFTP.

Allow some users to change into other system directories in addition to their home directory

Step A: Create the file /etc/vsftpd.chroot_list and list in it, one per line, the system usernames that should be allowed to leave their home directory. Because chroot_local_user=YES is set, the users in this file are the ones who are not chrooted.


# touch /etc/vsftpd.chroot_list
# vi /etc/vsftpd.chroot_list
   username1
   joe

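Step B: Now in the same /etc/vsftpd.conf file enable the parameters “chroot_list_enable=YES” and “chroot_list_file=/etc/vsftpd.chroot_list”. vsftpd reads the list file only when chroot_list_enable is set.

vi /etc/vsftpd.conf
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list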

Step C: Restart the vsftpd service

service vsftpd restart

Step D: Now check your FTP login through the command line or an FTP client.


Reference: the actual /etc/vsftpd.conf configuration which I am using on the server

root@ubuntu:/etc# egrep -v '^#' vsftpd.conf
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
allow_writeable_chroot=YES
root@ubuntu:/etc#

Below is an example in which only user joe can change to other system directories. Because username tux is not listed in /etc/vsftpd.chroot_list, user tux cannot change to any directory other than those within its home directory.

linux@tuxworld:~$ ftp 10.10.0.13
Connected to 10.10.0.13.
220 (vsFTPd 3.0.2)
Name (10.10.0.13:linux): joe
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd /home/tux
250 Directory successfully changed.
ftp> cd /opt
250 Directory successfully changed.

ftp> bye
221 Goodbye.
linux@tuxworld:~$
linux@tuxworld:~$ ftp 10.10.0.13
Connected to 10.10.0.13.
220 (vsFTPd 3.0.2)
Name (10.10.0.13:linux): tux
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd /home/joe
550 Failed to change directory.

ftp> cd /opt
550 Failed to change directory.

ftp>
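
The chroot decision that the two sessions above demonstrate, written out as a small shell check (an added example, not part of the original tutorial). The function names vsftpd_opt and chroot_state and the sample files are made up for illustration; the option names and their defaults are vsftpd's own.

```shell
#!/bin/sh
# Added example: predict which local users vsftpd will confine to their home.

# Print the effective value of option $2 in config file $1, or default $3.
# Assumption: when an option is repeated, the last uncommented line wins.
vsftpd_opt() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r')
    printf '%s\n' "${val:-$3}"
}

# Print "chrooted" or "unrestricted" for user $2 under config file $1.
# Optional $3 overrides the list path (used for the constructed sample files).
chroot_state() {
    all=$(vsftpd_opt "$1" chroot_local_user NO)
    use_list=$(vsftpd_opt "$1" chroot_list_enable NO)
    list=${3:-$(vsftpd_opt "$1" chroot_list_file /etc/vsftpd.chroot_list)}
    listed=NO
    # The list is consulted only when chroot_list_enable=YES; a user name
    # counts as listed when it matches a whole line of the file.
    if [ "$use_list" = YES ] && [ -r "$list" ] && grep -qxF -- "$2" "$list"; then
        listed=YES
    fi
    # chroot_local_user=YES: the list holds the exceptions (users NOT jailed).
    # chroot_local_user=NO:  the list holds the only users that ARE jailed.
    if [ "$all" = "$listed" ]; then echo unrestricted; else echo chrooted; fi
}

# Constructed sample input mirroring the reference configuration on this page.
demo() {
    d=$(mktemp -d)
    printf '%s\n' '# constructed sample' chroot_local_user=YES \
        chroot_list_enable=YES chroot_list_file=/etc/vsftpd.chroot_list \
        allow_writeable_chroot=YES > "$d/vsftpd.conf"
    printf '%s\n' username1 joe > "$d/chroot_list"
    for u in joe tux; do
        printf '%s: %s\n' "$u" \
            "$(chroot_state "$d/vsftpd.conf" "$u" "$d/chroot_list")"
    done
    rm -rf "$d"
}
demo
```

On a real server, call chroot_state /etc/vsftpd.conf USERNAME for each FTP account after editing the configuration and before restarting the service.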
