[PLUG] chroot'd ftp-only account

Derek Loree derek at infotects.com
Fri Mar 22 19:27:38 UTC 2002


Hi Terry,

Terry Griffin wrote:

> Hi all,
>
> I want to set up a chroot'd ftp-only account on a Red Hat 7.x box. It
> should work like anonymous ftp but with a real username and password.
>
> Documentation for doing this is very sparse, both on the web and with Red
> Hat. What I've tried based on the sparse documentation doesn't work. Have
> any of you done this sort of thing or seen a good HOWTO for it?
>
> The ftp-only part I think I've got figured out. It's making it a chroot
> account that's giving me fits.

The easiest way I've found is to install vsftp; during the configuration,
setting up a chroot jail is an option. (This was done on a Debian system, so
you may have to manually edit the config file on other distributions.) To
make sure your user has no shell available on login, replace the /bin/bash
(or whatever shell is called) in the /etc/passwd with /dev/null (I know
there is a fake shell, but logging into /dev/null behaves much better).
However, I feel I must say that I've just read another book on Linux security
that emphatically states "The ftp protocol is inherently insecure -- DON'T
USE IT."

Good Luck

Derek Loree
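
An added example, not part of the original post: a small audit that checks whether an account matches the setup described above (non-interactive shell in the passwd file, chroot jail enabled in vsftpd). The option names local_enable, chroot_local_user and chroot_list_enable are vsftpd's own; the sample passwd and config text, the account names and the function names are constructed for illustration, and the contents of the chroot list file are assumed to be passed in as a set.

```python
# Added example; sample passwd/vsftpd.conf text is constructed, not from the post.
NON_INTERACTIVE = {"/dev/null", "/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

SAMPLE_PASSWD = """\
ftpuser:x:1001:1001:FTP only:/home/ftpuser:/dev/null
shelluser:x:1002:1002:Has a shell:/home/shelluser:/bin/bash
"""
SAMPLE_CONF = """\
# constructed vsftpd.conf fragment
local_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
"""

def parse_passwd(text):
    """Map username -> login shell from passwd(5)-format lines."""
    rows = (l.split(":") for l in text.splitlines() if l and not l.startswith("#"))
    return {f[0]: f[6] for f in rows if len(f) == 7}

def parse_conf(text):
    """Parse vsftpd.conf option=value lines (no spaces around '=')."""
    pairs = (l.split("=", 1) for l in text.splitlines()
             if "=" in l and not l.startswith("#"))
    return {k: v.strip().upper() for k, v in pairs}

def enabled(opts, key):
    """True if a boolean option is switched on; unset options count as off."""
    return opts.get(key, "NO") in {"YES", "TRUE", "1"}

def is_chrooted(user, opts, chroot_list):
    listed = enabled(opts, "chroot_list_enable") and user in chroot_list
    # With chroot_local_user=YES the list names the users who are NOT jailed.
    return not listed if enabled(opts, "chroot_local_user") else listed

def audit(user, passwd_text, conf_text, chroot_list=()):
    """Return a list of findings; an empty list means FTP-only and jailed."""
    shells, opts = parse_passwd(passwd_text), parse_conf(conf_text)
    if user not in shells:
        return ["no such account"]
    findings = []
    if shells[user] not in NON_INTERACTIVE:
        findings.append(f"login shell {shells[user]!r} allows interactive login")
    if not enabled(opts, "local_enable"):
        findings.append("local_enable is off: local accounts cannot use FTP")
    if not is_chrooted(user, opts, chroot_list):
        findings.append("account is not confined to a chroot jail")
    return findings

if __name__ == "__main__":
    for name in ("ftpuser", "shelluser"):
        print(name, audit(name, SAMPLE_PASSWD, SAMPLE_CONF, chroot_list={"shelluser"}))
```

The check that matters most is the list inversion: with chroot_local_user=YES, a user named in the chroot list is exempt from the jail rather than placed in it.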




