Skip to main content

VSFtpd local users chroot

How to get local users to work with chroot on VSFtpd

First, yes FTP (not SFTP, really FTP) is an old protocol, but there are still people asking for it. So, let's give them.

The target is to give them FTP access.

Install VSFtpd

As I use Archlinux, this is done with:

pacman -S vsftpd

Create the system user. 

Say you want to create "foo" user.

There is nothing difficult about that. Default HOME for the user will be "/home/foo". Don't forget to setup a password.

Create a directory named "input" (may be any name you want) inside the HOME.

mkdir -pv /home/foo/input

Disable SSH authentication with Password

From here, the created user may connect via SSH (not yet FTP), and may get through the entire filesystem... 

This is not what you want, so disable SSH Password authentication in "/etc/ssh/sshd_config"

Be careful, you must then enable and setup key authentication, or you will be locked out!

Set the HOME permissions correctly

VSFtpd will refuse to start if the FTP root directory is writable by the user "foo".

As we will chroot "foo", the FTP root directory for "foo" user is "/home/foo".

Make "/home/foo" owned by "ftp":

  chown -R ftp.ftp /home/foo

Then  make "/home/foo/input" owned by "foo":

  chown -R foo.foo /home/foo/input

Note that  through FTP, the user will only be able to write in "/home/foo/input"

Configure VSFtpd itself

Configuring VSFtpd is all about a few lines to change:

  local_enable=YES
  guest_enable=NO
  write_enable=YES
  local_umask=022
  chroot_local_user=YES
  seccomp_sandbox=NO

 Restart NSFtpd and you're done


Popular posts from this blog

Undefined global vim

Defining vim as global outside of Neovim When developing plugins for Neovim, particularly in Lua, developers often encounter the "Undefined global vim" warning. This warning can be a nuisance and disrupt the development workflow. However, there is a straightforward solution to this problem by configuring the Lua Language Server Protocol (LSP) to recognize 'vim' as a global variable. Getting "Undefined global vim" warning when developing Neovim plugin While developing Neovim plugins using Lua, the Lua language server might not recognize the 'vim' namespace by default. This leads to warnings about 'vim' being an undefined global variable. These warnings are not just annoying but can also clutter the development environment with unnecessary alerts, potentially hiding other important warnings or errors. Defining vim as global in Lua LSP configuration to get rid of the warning To resolve the "Undefined global vi...
Read more

npm run build base-href

Using NPM to specify base-href When building an Angular application, people usually use "ng" and pass arguments to that invocation. Typically, when wanting to hard code "base-href" in "index.html", one will issue: ng build --base-href='https://ngx.rktmb.org/foo' I used to build my angular apps through Bamboo or Jenkins and they have a "npm" plugin. I got the habit to build the application with "npm run build" before deploying it. But the development team once asked me to set the "--base-href='https://ngx.rktmb.org/foo'" parameter. npm run build --base-href='https://ngx.rktmb.org/foo did not set the base href in indext.html After looking for a while, I found https://github.com/angular/angular-cli/issues/13560 where it says: You need to use −− to pass arguments to npm scripts. This did the job! The command to issue is then: npm run build -- --base-href='https://ngx.rktmb.org/foo...
Read more

CopilotChat GlobFile Configuration

CopilotChat GlobFile Configuration Want to feed multiple files into GitHub Copilot Chat from Neovim without listing each one manually? Let's add a tiny feature that does exactly that: a file glob that includes full file contents . In this post, we'll walk through what CopilotChat.nvim offers out of the box, why the missing piece matters, and how to implement a custom #file_glob:<pattern> function to include the contents of all files matching a glob. Using Copilot Chat with Neovim CopilotChat.nvim brings GitHub Copilot's chat right into your editing flow. No context switching, no browser hopping — just type your prompt in a Neovim buffer and let the AI help you refactor code, write tests, or explain tricky functions. You can open the chat (for example) with a command like :CopilotChat , then provide extra context using built-in functions. That “extra context” is where the magic really happens. Built-in functio...
Read more