Rackspace Cloud Essentials - Configure a user in vsftpd for CentOS

  • Last updated on: 2016-07-08
  • Authored by: Rackspace Support

Previous section: Rackspace Cloud Essentials - Install vsftpd for CentOS

This article describes how to create system users in vstfpd and chroot them (isolate or “jail” them to their home directory) if necessary.

Add a system user

Create a new user for FTP access in vsftpd by creating a new valid Linux system user with the following commands:

useradd test
passwd test

Disable SSH access for FTP users

The default user creation script gives a user the /bin/bash shell, which can be a little too powerful. If you don’t want your users to log in to your server via SSH, you can block this access. When you change the shell to /bin/false, the users can log in only via FTP or mail if you have that set up.

Modify the user access with the following command:

usermod -s /sbin/nologin test

Chroot a user

Now you can configure vsftpd to be able to chroot (commonly referred to as jailing) users to their home directories for security and privacy. When you chroot users, they can’t move up a level in the directory structure after they log in.

With vsftpd, you can chroot a user by editing the following in the file /etc/vsftpd/vsftpd.conf:

chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/vsftpd.chroot_list

You must create a vsftp.chroot_list file and enter users who do not use chroot. Every user uses chroot by default. Therefore, create a chroot_list file, even if the file is going to remain empty:

touch /etc/vsftpd/vsftpd.chroot_list

After the file is created and you have set up your chroot_list, restart vsftpd with the following command:

service vsftpd restart

Continue the conversation in the Rackspace Community.