In many cases we want to confine FTP users to their home directory (their root directory) so that they cannot move out of it and browse other directories on the server. vsftpd provides three options for this: chroot_local_user, chroot_list_enable and chroot_list_file.
chroot_local_user # Whether to restrict all users to their home directory: yes enables, no disables. (The default value is no, so if nothing is configured after installing vsftpd, FTP users can move up out of their home directory.)
chroot_list_file=/etc/vsftpd/chroot_list # The list of users who are, or are not, restricted to their home directory. Whether the list restricts users or exempts them depends on the value of chroot_local_user.

An easy way to remember this: chroot_local_user is always the global setting. When it is yes, all users are locked in their home directory; when it is no, no users are locked in their home directory. On top of the global setting we need some fine-tuning, that is, an "exception mechanism", so chroot_list_enable=yes means "exceptions are required". What "exception" means always depends on the context: when all users are locked in their home directory (chroot_local_user=yes), the exceptions are the users who are not locked; when no users are locked in their home directory (chroot_local_user=no), the exceptions are the users who are locked. Seen this way, the options are easy both to understand and to remember.

For the combined effect of chroot_local_user and chroot_list_enable, refer to the following table:
| | chroot_local_user=yes | chroot_local_user=no |
| --- | --- | --- |
| chroot_list_enable=yes | 1. All users are restricted to their home directory. 2. The users listed in chroot_list_file are the "exceptions" and are not restricted. | 1. No users are restricted to their home directory. 2. The users listed in chroot_list_file are the "exceptions" and are restricted. |
| chroot_list_enable=no | 1. All users are restricted to their home directory. 2. The user list in chroot_list_file is not used; there are no "exception" users. | 1. No users are restricted to their home directory. 2. The user list in chroot_list_file is not used; there are no "exception" users. |
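
The table reduces to one rule: a user is locked in the home directory exactly when the global setting and "listed as an exception" disagree. The following is an added example, not part of the original page and not vsftpd's own parser; it models that rule so a configuration can be audited for users who can leave their home directory. The function names, sample users and sample list contents are constructed for illustration.

```python
# Added example: models the chroot_local_user / chroot_list_enable table.
# Function names and the sample users below are constructed for illustration.

def parse_conf(text):
    """Parse vsftpd.conf-style text: option=value lines, '#' starts a comment line."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def enabled(opts, key):
    # Both chroot options default to NO when they are absent from the file.
    return opts.get(key, "NO").upper() == "YES"

def is_chrooted(user, opts, listed_users):
    """True if `user` is locked in the home directory under the table's rules."""
    locked_by_default = enabled(opts, "chroot_local_user")
    # The list only matters when chroot_list_enable=YES; it then inverts the default.
    is_exception = enabled(opts, "chroot_list_enable") and user in listed_users
    return locked_by_default != is_exception

def unconfined_users(users, conf_text, list_text):
    """Users who can leave their home directory: the set worth reviewing."""
    opts = parse_conf(conf_text)
    listed = {ln.strip() for ln in list_text.splitlines() if ln.strip()}
    return sorted(u for u in users if not is_chrooted(u, opts, listed))

# Constructed sample input.
USERS = ["alice", "bob", "carol"]
CHROOT_LIST = "bob\n"  # contents of the file named by chroot_list_file

def quadrants():
    """Unconfined users for each of the four combinations in the table."""
    result = {}
    for local in ("YES", "NO"):
        for use_list in ("YES", "NO"):
            conf = f"# constructed\nchroot_local_user={local}\nchroot_list_enable={use_list}\n"
            result[(local, use_list)] = unconfined_users(USERS, conf, CHROOT_LIST)
    return result

if __name__ == "__main__":
    for combo, users in quadrants().items():
        print(combo, "unconfined:", users)
```

With chroot_local_user=yes and chroot_list_enable=yes, every name in the list file is an account that can browse outside its home directory, so that file deserves the same review as the configuration itself.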
vsftpd configuration: chroot_local_user and chroot_list_enable in detail