Skip to main content

VSFtpd local users chroot

How to get local users to work with chroot on VSFtpd

First, yes FTP (not SFTP, really FTP) is an old protocol, but there are still people asking for it. So, let's give them.

The target is to give them FTP access.

Install VSFtpd

As I use Archlinux, this is done with:

pacman -S vsftpd

Create the system user. 

Say you want to create "foo" user.

There is nothing difficult about that. Default HOME for the user will be "/home/foo". Don't forget to setup a password.

Create a directory named "input" (may be any name you want) inside the HOME.

mkdir -pv /home/foo/input

Disable SSH authentication with Password

From here, the created user may connect via SSH (not yet FTP), and may get through the entire filesystem... 

This is not what you want, so disable SSH Password authentication in "/etc/ssh/sshd_config"

Be careful, you must then enable and setup key authentication, or you will be locked out!

Set the HOME permissions correctly

VSFtpd will refuse to start if the FTP root directory is writable by the user "foo".

As we will chroot "foo", the FTP root directory for "foo" user is "/home/foo".

Make "/home/foo" owned by "ftp":

  chown -R ftp.ftp /home/foo

Then  make "/home/foo/input" owned by "foo":

  chown -R foo.foo /home/foo/input

Note that  through FTP, the user will only be able to write in "/home/foo/input"

Configure VSFtpd itself

Configuring VSFtpd is all about a few lines to change:

  local_enable=YES
  guest_enable=NO
  write_enable=YES
  local_umask=022
  chroot_local_user=YES
  seccomp_sandbox=NO

 Restart NSFtpd and you're done


Popular posts from this blog

npm run build base-href

Using NPM to specify base-href When building an Angular application, people usually use "ng" and pass arguments to that invocation. Typically, when wanting to hard code "base-href" in "index.html", one will issue: ng build --base-href='https://ngx.rktmb.org/foo' I used to build my angular apps through Bamboo or Jenkins and they have a "npm" plugin. I got the habit to build the application with "npm run build" before deploying it. But the development team once asked me to set the "--base-href='https://ngx.rktmb.org/foo'" parameter. npm run build --base-href='https://ngx.rktmb.org/foo did not set the base href in indext.html After looking for a while, I found https://github.com/angular/angular-cli/issues/13560 where it says: You need to use −− to pass arguments to npm scripts. This did the job! The command to issue is then: npm run build -- --base-href='https://ngx.rktmb.org/foo&
Read more

emacs29 intelephense

Emacs 29 and PHP Intelephense I use to use Emacs and PHP Intelephense for PHP development. I recently upgraded to Emacs 29 and PHP Intelephense stopped working. I found a solution on Reddit Based on that, I rewrote my .emacs file to use eglot instead of lsp-mode, and this is the result. (use-package eglot :ensure t) (add-hook 'php-mode-hook 'eglot-ensure) (use-package php-mode :ensure t :mode ("\\.php\\'" . php-mode)) (add-to-list 'auto-mode-alist '("\\.php$" . php-mode)) (provide 'lang-php) (use-package company :ensure t :config (setq company-idle-delay 0.3) (global-company-mode 1) (global-set-key (kbd "M- ") 'company-complete)) (require 'eglot) (add-to-list 'eglot-server-programs '((php-mode :language-id "php") . ("intelephense" "--stdio" :initializationOptions (:licenseKey "98989898989898989898"
Read more

Jenkins invalid privatekey

Publish over SSH, Message "invalid privatekey:" With quite recent (June-July 2020) installations of Jenkins and OpenSSH, I have the following error message when using the "Deploy overs SSH" Jenkins plug-in and publishing artifacts to the target overs SSH: jenkins.plugins.publish_over.BapPublisherException: Failed to add SSH key. Message [invalid privatekey: [B@d8d395a] This problem seems to be referenced here: https://issues.jenkins-ci.org/browse/JENKINS-57495 Just regenerate a key with the right parameters To solve it: ssh-keygen -t rsa -b 4096 Or ssh-keygen -t rsa -b 4096 -m PEM
Read more