Lock down vsftpd and give access to symlinks

Locking down vsftpd is pretty easy, but giving access to symlinks is another issue entirely.

To lock down vsftpd, use the method described in the link above (chroot_local_user=YES), or use the vsftpd feature that takes a list of users who should or shouldn't be chrooted:

# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd/chroot_list

Then restart the service with /etc/init.d/vsftpd restart
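
The list changes meaning depending on chroot_local_user, which is easy to get backwards and leaves a user unjailed. The script below is an added example, not from the original post: it reads a vsftpd.conf and reports whether a given user ends up chrooted. The function names and the users alice and bob are made up for illustration, and it treats only the literal value YES as enabled.

```shell
#!/bin/sh
# Added example: decide whether a local user is chroot()ed under the
# chroot_local_user / chroot_list_enable combination described above.

# conf_get KEY DEFAULT CONF: print the value of KEY (last occurrence wins,
# an assumption about parse order), or DEFAULT when KEY is not set.
conf_get() {
    val=$(sed -n "s/^$1=//p" "$3" | tail -n 1 | tr -d '\r')
    printf '%s\n' "${val:-$2}"
}

# in_list USER FILE: succeed if USER is a whole line of FILE (one name per line).
in_list() {
    [ -r "$2" ] && grep -qxF -- "$1" "$2"
}

# is_chrooted USER CONF: print "chrooted" or "not-chrooted".
is_chrooted() {
    user=$1 conf=$2
    all=$(conf_get chroot_local_user NO "$conf")
    use_list=$(conf_get chroot_list_enable NO "$conf")
    # Fallback path is the one shown in the post's config excerpt.
    list=$(conf_get chroot_list_file /etc/vsftpd/chroot_list "$conf")
    listed=no
    if [ "$use_list" = YES ] && in_list "$user" "$list"; then listed=yes; fi
    # With chroot_local_user=YES the list names the exceptions (NOT chrooted);
    # otherwise the list names the only users that ARE chrooted.
    if [ "$all" = YES ]; then
        [ "$listed" = yes ] && echo not-chrooted || echo chrooted
    else
        [ "$listed" = yes ] && echo chrooted || echo not-chrooted
    fi
}

# Demo on constructed files (not a real server's configuration).
demo() {
    d=$(mktemp -d)
    printf 'alice\n' > "$d/chroot_list"
    printf 'chroot_local_user=YES\nchroot_list_enable=YES\nchroot_list_file=%s\n' \
        "$d/chroot_list" > "$d/vsftpd.conf"
    for u in alice bob; do
        printf '%s: %s\n' "$u" "$(is_chrooted "$u" "$d/vsftpd.conf")"
    done
    rm -rf "$d"
}
demo
```

In the demo, alice is on the list while chroot_local_user=YES, so she is the one user who is not jailed.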

But there’s a problem if the user needs to access a folder outside the chroot that’s symlinked into his folder. With vsftpd, the folder can’t be seen! Luckily, Radu has a solution to the symlink problem.

We create a new folder, then use mount to make an existing otherwise-inaccessible folder available via chrooted vsftp:

mkdir /home/me/webfolder
mount --bind /var/www/webfolder /home/me/webfolder

That’s it: provided the permissions are OK, the user can now do what they need to!
