I want to "jail" each user in their respective directory, but they are being jailed at /var/www, with permission to "walk" and write in any directory under www.
Vsftpd on CentOS 7 – System details:
SITE 1:
Path: /var/www/site1
Owner and group: site1:site1
/home/site1 is a symbolic link to /var/www/site1
SITE 2:
Path: /var/www/site2
Owner and group: site2:site2
/home/site2 is a symbolic link to /var/www/site2
My /etc/passwd:
[...]
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
site1:x:1000:1000::/var/www/./site1:bin/bash
php-fpm:x:995:992:php-fpm:/var/lib/php/fpm:/sbin/nologin
site2:x:1001:1001::/var/www/./site2:/bin/bash
My /etc/vsftpd/vsfptd.conf:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
ascii_upload_enable=YES
chroot_local_user=YES
user_sub_token=$USER
local_root=/var/www/$USER ### also tried: local_root=/home/$USER
allow_writeable_chroot=YES
passwd_chroot_enable=YES
listen=NO
listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
pasv_enable=YES
pasv_max_port=10100
pasv_min_port=10090
force_dot_files=YES
I have also disabled SELinux; with it enabled, it's impossible to access FTP using Windows (even in active mode).
Can anyone see the problem?
Best Answer
Solved, guys! The problem was the dot in the home path in /etc/passwd.
Before (not working):
Now (working):
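
An added check, not part of the original answer: per the vsftpd.conf man page, with passwd_chroot_enable=YES a "/./" in the passwd home field marks the jail location, so /var/www/./site1 jails the user at /var/www. The function name jail_report, the verdict labels and the sample file are constructed for this example; entries without "/./" are reported as jailed at the home field, which assumes local_root does not point elsewhere.

```shell
#!/bin/sh
# jail_report PASSWD_FILE [MIN_UID]
# For each account with UID >= MIN_UID (default 1000), print the jail root
# implied by the home field when passwd_chroot_enable=YES, and the directory
# the session starts in inside that jail.
jail_report() {
    awk -F: -v min_uid="${2:-1000}" '
        $3 >= min_uid {
            home = $6
            i = index(home, "/./")            # position of the jail marker
            if (i > 0) {
                jail    = substr(home, 1, i - 1)   # part before "/./" is the chroot
                start   = "/" substr(home, i + 3)  # part after is only the start dir
                verdict = "JAIL_ABOVE_HOME"
            } else {
                # Assumption: no local_root override, so the home field is the jail.
                jail = home; start = "/"; verdict = "OWN_HOME"
            }
            if (jail == "") jail = "/"
            printf "%s jail=%s start=%s %s\n", $1, jail, start, verdict
        }' "$1"
}

# Constructed sample (not the poster's real file): one entry with the
# "/./" marker and one without it.
sample=$(mktemp)
cat > "$sample" <<'EOF'
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
site1:x:1000:1000::/var/www/./site1:/bin/bash
site2:x:1001:1001::/var/www/site2:/bin/bash
EOF
jail_report "$sample"
rm -f "$sample"
```

Run it against the real /etc/passwd on the FTP host; any account flagged JAIL_ABOVE_HOME can reach sibling directories under the reported jail root, subject to file permissions.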