How to install and configure FTP server with chroot in Ubuntu 12.04 LTS

In this tutorial we will learn how to configure FTP server with chroot enable in Ubuntu 12.04 LTS.

Advantage : The ftp user is bounded to login only into home directory ( because of chroot enabled ).The user can’not change directory other than directory inside its own home directory.
We can also define which user can change to other system directories including its home directory.

Note:Note: We will install the vsftpd 3.0 package after downloading it into the system. We are not going to use “apt-get install” method . The reason it has bug related to chroot enable.For reference https://sharadchhetri.com/2013/05/20/500-oops-vsftpd-refusing-to-run-with-writable-root-inside-chroot/

Follow the given below steps –

Step1 : Download vsftpd package and install it

tux@ubuntu:~$ sudo su -
[sudo] password for tux:
root@ubuntu:~#
root@ubuntu:~# cd /root/
root@ubuntu:~# wget http://security.ubuntu.com/ubuntu/pool/main/v/vsftpd/vsftpd_3.0.2-1ubuntu2_i386.deb
    
    Resolving security.ubuntu.com (security.ubuntu.com)… 91.189.92.190
    , 91.189.92.201, 91.189.92.202, …
    Connecting to security.ubuntu.com (security.ubuntu.com)|91.189.92.190|:80… connected.
    HTTP request sent, awaiting response… 200 OK
    Length: 114714 (112K) [application/x-debian-package]
    Saving to: `vsftpd_3.0.2-1ubuntu2_i386.deb’

    100%[=========================================================================================>] 114,714 219K/s in 0.5s

    2013-05-20 09:36:21 (219 KB/s) – `vsftpd_3.0.2-1ubuntu2_i386.deb’ saved [114714/114714]

root@ubuntu:~#
root@ubuntu:~#
root@ubuntu:~# dpkg -i vsftpd_3.0.2-1ubuntu2_i386.deb

 #### Install the dependency of VSFTPD ####

root@ubuntu:~ # apt-get install libcap2

Step3 : Take the backup of Original vsftpd.conf file

#cp -p vsftpd.conf.dpkg-new vsftpd.conf
# cp -p /etc/vsftpd.conf /etc/vsftpd.conf.orig

Step 4 : Enable the given below bolded parameters in /etc/vsftpd.conf file.

root@ubuntu:/# vi /etc/vsftpd.conf
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
allow_writeable_chroot=YES
root@ubuntu:/#

Step 5: Now restart the vsftpd service

 service vsftpd restart

Step 6 : Now you can login into ftp server and upload and download the file. Use command line,web browser or any ftp client filezilla,cyberduck,fireftp etc.

Allow some user to change into other system directories including its home directory

Step A: Create a file /etc/vsftpd.chroot_list and give system username in file which you want to provide the chroot ftp access.


# touch /etc/vsftpd.chroot_list
# vi /etc/vsftpd.chroot_list
   username1
   joe

Step B: Now in same /etc/vsftpd.conf file enable the parameter “chroot_list_file=/etc/vsftpd.chroot_list”

vi /etc/vsftpd.conf
chroot_list_file=/etc/vsftpd.chroot_list

Step C: Restart the vsftpd service

service vsftpd restart

Step 4 : Now check your FTP login through command line or FTP client.


REFERENCE of /etc/vsftpd.conf actual configuration which I am using in server

root@ubuntu:/etc# egrep -v ‘^#’ vsftpd.conf
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
allow_writeable_chroot=YES
root@ubuntu:/etc#

Below is the example in which only user joe can change to other system directory and because username tux is not listed in /etc/vsftpd.chroot_list,hence user tux is not able to change to other directories except the directories within its home directories.

linux@tuxworld:~$ ftp 10.10.0.13
Connected to 10.10.0.13.
220 (vsFTPd 3.0.2)
Name (10.10.0.13:linux): joe
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd /home/tux
250 Directory successfully changed.
ftp> cd /opt
250 Directory successfully changed.
ftp> bye
221 Goodbye.
linux@tuxworld:~$
linux@tuxworld:~$ ftp 10.10.0.13
Connected to 10.10.0.13.
220 (vsFTPd 3.0.2)
Name (10.10.0.13:linux): tux
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> cd /home/joe
550 Failed to change directory.
ftp> cd /opt
550 Failed to change directory.
ftp>

Articles

How to install and configure FTP server in Ubuntu 12.04 LTS
How to configure FTP server in CentOS 6.3 – vsftpd server
linux command to list the files from rpm package without extracting
Setup self signed ssl certificate on Owncloud 6 in Ubuntu 14.04 LTS Server
How to configure vsftpd server with virtual user mysql authentication in CentOS 6
Setup Master Slave Chroot BIND DNS in CentOS 6 or Red Hat 6
How to convert rpm file into deb file
How to create own Git Server with Gitolite and Gitweb in Ubuntu
How to extract RPM package on Linux system
Setup Owncloud 6 with self signed SSL certificate on Ubuntu 13.10
How to install and configure Secure FTP server in Ubuntu 12.04 LTS
500 OOPS: vsftpd: refusing to run with writable root inside chroot()
create and delete user in Red Hat and CentOS
Find installed and enabled apache module in Debian/Ubuntu
How to install own git server with ssh and http access by using gitolite and gitweb in CentOS

Sharad Chhetri is an experienced Linux, DevOps, Cloud Engineer & Freelancer. Working on various technologies since RHEL 4 era. He loves sharing the knowledge which he has earned from his experience.
You can contact him on email for freelance projects at admin@sharadchhetri.com.

Read Some More Articles

Protect ssh with Google Authenticator on Ubuntu 14.04 LTS

Protect ssh with Google Authenticator on Ubuntu 14.04 LTS

BySharad Chhetri

The tutorial is about how we can protect ssh with Google Authenticator on Ubuntu 14.04 LTS server . Google authenticator is a security application which implements time based one time password (TOTP) security tokens. It is often also called as “Two steps verification” . The server in which Google Authenticator has been setup , to…

NOTICE: nagios.cmd file not found. Please specify the location of this file in your /etc/vshell.conf file
|

NOTICE: nagios.cmd file not found. Please specify the location of this file in your /etc/vshell.conf file

BySharad Chhetri

NOTICE: nagios.cmd file not found. Please specify the location of this file in your /etc/vshell.conf file This is continue of my last post on how to change nagios frontend with vshell Nagios version : 3.x While configuring the vshell it might be possible you can get this warning message.The warning message occur when you run…

virtualbox guest addition video

Install VirtualBox Guest Additions and create videos

BySharad Chhetri

In this article we will learn how to install VirtualBix Guest Additions and create videos in VirtualBox.

mail command not found in Red Hat CentOS Ubuntu Debian

mail command not found in Red Hat CentOS Ubuntu Debian

BySharad Chhetri

You may have encounter with mail command not found in Red hat, CentOS, Rocky Linux, Ubuntu, Debian .Whenever any message says while hitting the command as Command Not Found , it means the package is not installed or script is not present. We use mail command to send the email from the terminal. It is…

How to install Owncloud 6 in Ubuntu 13.10 Server
|

How to install Owncloud 6 in Ubuntu 13.10 Server

BySharad Chhetri

In this tutorial we will learn,how to install Owncloud 6 in Ubuntu 13.10 Server.Recently, the Owncloud community has released its new verison called Owncloud 6. Owncloud is one the best alternative for Dropbox and Google Drive. You can self host the Owncloud very quickly in short span of time.You can access,share and sync the data…

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.