How to install and configure FTP server with chroot in Ubuntu 12.04 LTS

In this tutorial we will learn how to configure FTP server with chroot enable in Ubuntu 12.04 LTS.

Advantage : The ftp user is bounded to login only into home directory ( because of chroot enabled ).The user can’not change directory other than directory inside its own home directory.
We can also define which user can change to other system directories including its home directory.

Note:Note: We will install the vsftpd 3.0 package after downloading it into the system. We are not going to use “apt-get install” method . The reason it has bug related to chroot enable.For reference https://sharadchhetri.com/2013/05/20/500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/

Follow the given below steps –

Step1 : Download vsftpd package and install it

tux@ubuntu:~$ sudo su -
[sudo] password for tux:
root@ubuntu:~#
root@ubuntu:~# cd /root/
root@ubuntu:~# wget http://security.ubuntu.com/ubuntu/pool/main/v/vsftpd/vsftpd_3.0.2-1ubuntu2_i386.deb
    
    Resolving security.ubuntu.com (security.ubuntu.com)… 91.189.92.190
    , 91.189.92.201, 91.189.92.202, …
    Connecting to security.ubuntu.com (security.ubuntu.com)|91.189.92.190|:80… connected.
    HTTP request sent, awaiting response… 200 OK
    Length: 114714 (112K) [application/x-debian-package]
    Saving to: `vsftpd_3.0.2-1ubuntu2_i386.deb’

    100%[=========================================================================================>] 114,714 219K/s in 0.5s

    2013-05-20 09:36:21 (219 KB/s) – `vsftpd_3.0.2-1ubuntu2_i386.deb’ saved [114714/114714]

root@ubuntu:~#
root@ubuntu:~#
root@ubuntu:~# dpkg -i vsftpd_3.0.2-1ubuntu2_i386.deb

 #### Install the dependency of VSFTPD ####

root@ubuntu:~ # apt-get install libcap2

Step3 : Take the backup of Original vsftpd.conf file

#cp -p vsftpd.conf.dpkg-new vsftpd.conf
# cp -p /etc/vsftpd.conf /etc/vsftpd.conf.orig

Step 4 : Enable the given below bolded parameters in /etc/vsftpd.conf file.

root@ubuntu:/# vi /etc/vsftpd.conf
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
allow_writeable_chroot=YES
root@ubuntu:/#

Step 5: Now restart the vsftpd service

 service vsftpd restart

Step 6 : Now you can login into ftp server and upload and download the file. Use command line,web browser or any ftp client filezilla,cyberduck,fireftp etc.

Allow some user to change into other system directories including its home directory

Step A: Create a file /etc/vsftpd.chroot_list and give system username in file which you want to provide the chroot ftp access.


# touch /etc/vsftpd.chroot_list
# vi /etc/vsftpd.chroot_list
   username1
   joe

Step B: Now in same /etc/vsftpd.conf file enable the parameter “chroot_list_file=/etc/vsftpd.chroot_list”

vi /etc/vsftpd.conf
chroot_list_file=/etc/vsftpd.chroot_list

Step C: Restart the vsftpd service

service vsftpd restart

Step 4 : Now check your FTP login through command line or FTP client.


REFERENCE of /etc/vsftpd.conf actual configuration which I am using in server

root@ubuntu:/etc# egrep -v ‘^#’ vsftpd.conf
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
allow_writeable_chroot=YES
root@ubuntu:/etc#

Below is the example in which only user joe can change to other system directory and because username tux is not listed in /etc/vsftpd.chroot_list,hence user tux is not able to change to other directories except the directories within its home directories.

linux@tuxworld:~$ ftp 10.10.0.13
Connected to 10.10.0.13.
220 (vsFTPd 3.0.2)
Name (10.10.0.13:linux): joe
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd /home/tux
250 Directory successfully changed.
ftp> cd /opt
250 Directory successfully changed.
ftp> bye
221 Goodbye.
linux@tuxworld:~$
linux@tuxworld:~$ ftp 10.10.0.13
Connected to 10.10.0.13.
220 (vsFTPd 3.0.2)
Name (10.10.0.13:linux): tux
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd /home/joe
550 Failed to change directory.
ftp> cd /opt
550 Failed to change directory.
ftp>

Articles

Setup self signed ssl certificate on Owncloud 6 in Ubuntu 14.04 LTS Server
Setup Master Slave Chroot BIND DNS in CentOS 6 or Red Hat 6
Setup Owncloud 6 with self signed SSL certificate on Ubuntu 13.10
Find installed and enabled apache module in Debian/Ubuntu
How to convert rpm file into deb file
How to install own git server with ssh and http access by using gitolite and gitweb in CentOS
How to install and configure Secure FTP server in Ubuntu 12.04 LTS
500 OOPS: vsftpd: refusing to run with writable root inside chroot()
linux command to list the files from rpm package without extracting
How to install and configure FTP server in Ubuntu 12.04 LTS
How to extract RPM package on Linux system
How to create own Git Server with Gitolite and Gitweb in Ubuntu
create and delete user in Red Hat and CentOS
How to configure FTP server in CentOS 6.3 – vsftpd server
How to configure vsftpd server with virtual user mysql authentication in CentOS 6

Sharad Chhetri is an experienced Linux, DevOps, Cloud Engineer & Freelancer. Working on various technologies since RHEL 4 era. He loves sharing the knowledge which he has earned from his experience.
You can contact him on email for freelance projects at admin@sharadchhetri.com.

Read Some More Articles

Install and configure Varnish Cache server on CentOS/RHEL 6.x
|

Install and configure Varnish Cache server on CentOS/RHEL 6.x

BySharad Chhetri

In this tutorial we will learn about,how to install and configure Varnish Cache server on CentOS/RHEL 6.x. We will install varnish 3.0 version in CentOS 6.x . I am writing this basic tutorial to setup your first varnish in server.Here we will use rpm packages for installation.The rpm packages are available as per your operating…

error: Could not load host key

error: Could not load host key

BySharad Chhetri

Recently while upgrading the OpenSSH server, we faced some issue. This time, the issue was related to ssh key and we got number of lines in message log file with information – “error: Could not load host key” . Here are some brief detail taken from our system. Jan 17 11:14:10 localhost sshd[6294]: error: Could…

simplecodesyntax wordpress plugin
|

SimpleCodeSyntax : My Another WordPress Plugin

BySharad Chhetri

SimpleCodeSyntax is a WordPress Plugin. Just download and activate the plugin in your WordPress site. No further settings is required. From Where To Download SimpleCodeSyntax Plugin You can download it from the WordPress.org website. Here, I have created the Download Button for the same or get it from this WordPress.org URL. Why did I create…

How to install mod_proxy and setup reverse proxy in Apache Ubuntu
|

How to install mod_proxy and setup reverse proxy in Apache Ubuntu

BySharad Chhetri

How to install mod_proxy and setup reverse proxy in Apache Ubuntu Today in this tutorial we will learn about installing apache proxy module and how to setup reverse proxy. The module name is mod_proxy ,it is core module which supports Forward and Reverse Proxy settings in Apache WebServer. There are other modules also which is…

How to install and configure samba server in CentOS 6.3
| |

How to install and configure samba server in CentOS 6.3

BySharad Chhetri

How to install and configure samba server in CentOS 6.3 Introduction: Samba is a free software re-implementation of the SMB/CIFS networking protocol, originally developed by Andrew Tridgell. As of version 3, Samba provides file and print services for various Microsoft Windows clients and can integrate with a Windows Server domain, either as a Primary Domain…

Install MariaDB Server 10.0 on Ubuntu 14.04 LTS ( Trusty Tahr )
|

Install MariaDB Server 10.0 on Ubuntu 14.04 LTS ( Trusty Tahr )

BySharad Chhetri

The post will explain, how to install MariaDB Server 10.0 on Ubuntu 14.04 LTS (Trusty Tahr) . MariaDB which is now a days very popular. It is fork of MySQL and best alternate of MySQL. Red Hat has already announced the MariaDB as default Database in Verion RHEL 7.0. I surely suggest you to know…

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.