A normal user can now change to the /etc directory (and possibly to all other directories), and if the user has read permission on sensitive files there, the user can download them via FTP. To avoid this security problem, you can lock FTP users in a jail. Open the vsftpd configuration file “/etc/vsftpd/vsftpd.conf”:
    $ vi /etc/vsftpd/vsftpd.conf
Make sure the following line exists (and is uncommented):
    chroot_local_user=YES
Save and close the file. Restart vsftpd.
    $ sudo /etc/init.d/vsftpd restart
OR
    $ sudo service vsftpd restart
Now all users of VSFTPD/FTP will be limited to accessing only the files in their own home directory. They will not be able to see /, /etc, /root, /tmp or any other directory. This is an essential security feature.
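
One way to confirm that the line really is in effect, and not commented out or overridden further down the file, is the check below. It is an added example, not part of the original article. The function names are hypothetical, the "last occurrence wins" handling is an assumption, and chroot_list_enable is a vsftpd option the article does not cover.

```shell
#!/bin/sh
# Added example: report whether a vsftpd.conf jails local users.

# Print the effective (upper-cased) value of option $2 in config file $1.
# Commented-out lines are skipped; the last uncommented occurrence is used
# (assumption: a later setting overrides an earlier one).
vsftpd_conf_value() {
    awk -F= -v opt="$2" '
        /^[ \t]*#/ { next }
        $1 == opt  { val = toupper($2) }
        END        { sub(/[ \t\r]+$/, "", val); print val }
    ' "$1"
}

# Print JAILED, JAILED_WITH_EXCEPTIONS or NOT_JAILED for config file $1.
# Returns 0 only when every local user is jailed.
check_chroot_jail() {
    if [ "$(vsftpd_conf_value "$1" chroot_local_user)" != "YES" ]; then
        echo "NOT_JAILED"; return 1
    fi
    # With chroot_local_user=YES, chroot_list_enable=YES turns the chroot
    # list file into a list of users who are NOT jailed.
    if [ "$(vsftpd_conf_value "$1" chroot_list_enable)" = "YES" ]; then
        echo "JAILED_WITH_EXCEPTIONS"; return 2
    fi
    echo "JAILED"
}

# Constructed sample: the setting is present but still commented out.
sample=$(mktemp)
printf '%s\n' 'local_enable=YES' '#chroot_local_user=YES' > "$sample"
check_chroot_jail "$sample" || echo "fix $sample before restarting vsftpd"
rm -f "$sample"
```

Run `check_chroot_jail /etc/vsftpd/vsftpd.conf` after editing; a JAILED_WITH_EXCEPTIONS result means the chroot list file should be reviewed as well.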