SLUG Mailing List Archives

Re: [SLUG] vsftp chroot


This one time, at band camp, tuxta2 wrote:
>Can I copy your config? That should get me started, and then I can learn 
>by looking at a working config

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=0072
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
pam_service_name=vsftpd
userlist_enable=YES
listen=YES
tcp_wrappers=YES
ascii_upload_enable=YES
ascii_download_enable=YES
ftpd_banner=FTP server
ls_recurse_enable=YES
chroot_local_user=YES
pasv_min_port=30000
pasv_max_port=60000
force_dot_files=YES
use_localtime=YES

(comments stripped)

This is on a RHEL3 box, with vsftpd 1.2.1 (stock RPMs).

There are some comments in my config that talk about chrooting:

# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list

Perhaps the default is locking you out?

Also worth checking: passwd_chroot_enable.

Other regular FTP things to check: user shell, PAM config.  /var/log/secure (or
wherever your AUTH and AUTHPRIV syslogs go) might give some clues why it's
being locked out.
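
Added example (not part of the original post): a small Python check of the chroot_list_enable rule quoted in the config comments above, run against the chroot-related lines of the posted config. The user names alice and bob and the list contents are constructed.

```python
# Added example, not from the original post. User names are constructed.
DEFAULTS = {  # vsftpd defaults for the settings discussed in the post
    "chroot_local_user": "NO",
    "chroot_list_enable": "NO",
    "chroot_list_file": "/etc/vsftpd.chroot_list",
}

# Chroot-related lines from the posted config, plus the commented-out option.
POSTED_CONF = """\
local_enable=YES
chroot_local_user=YES
#chroot_list_enable=YES
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
"""

def parse_conf(text):
    """Parse vsftpd.conf text: option=value lines; '#' lines are comments."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def enabled(conf, key):
    return conf.get(key, "NO").upper() == "YES"

def is_chrooted(conf, user, list_text=""):
    """list_text is the content of chroot_list_file, one user name per line.
    The list names users to chroot, unless chroot_local_user=YES, in which
    case it names the users who are NOT chrooted."""
    listed = set(list_text.split()) if enabled(conf, "chroot_list_enable") else set()
    return enabled(conf, "chroot_local_user") != (user in listed)

def audit(conf_text, users, list_text=""):
    """Return {user: True if confined to the home directory}."""
    conf = parse_conf(conf_text)
    return {u: is_chrooted(conf, u, list_text) for u in users}

if __name__ == "__main__":
    users = ["alice", "bob"]              # constructed accounts
    print(audit(POSTED_CONF, users))      # list disabled: everyone chrooted
    flipped = POSTED_CONF.replace("#chroot_list_enable", "chroot_list_enable")
    print(audit(flipped, users, "alice\n"))  # alice becomes the exception
```

With the config as posted, the list is ignored and every local user is chrooted; uncommenting chroot_list_enable turns the list file into an exemption list, so who appears in that file becomes something to review.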