If you’re using ProFTPD user on a Linux server you most certainly has wondered how you can configure the FTP server to chroot (or jail) it’s users to a particular directory of choice.
By the default the behaviour of ProFPTD is not to use any chrooting, I believe because chrooting is not yet a mass well accepted standard, so you will have to do a minor modifications to proftpd.conf file.
Actually it’s a way easier than it sounds to configure the ProFTPD to chroot / jail it’s users.
To configure ProFTPD to chroot it’s users to the /home directory all you have to do is edit your proftpd.conf
On Debian Linux and many other Linux distributions the proftpd.conf is located in /etc/proftpd/proftpd.conf
root@linux-server:~# vim /etc/proftpd/proftpd.conf
Therein uncomment the line
# DefaultRoot ~
to read
DefaultRoot ~
If you further need to chroot proftpd users to be jailed to let’s say their public_html file for security reasons you can just change the up-mentioned proftpd DocumentRoot directive to:
DefaultRoot ~/public_html
Hopefully partaking this steps will be a step further to make your Linux server a bit more secure.
More helpful Articles
Tags: How to configure ProFTPD to chroot users to /home directory or any other selected directory
Mozilla/5.0 (X11; U; Linux i686; de; rv:1.9.2.17) Gecko/20110422 Ubuntu/9.10 (karmic) Firefox/3.6.17
proftp: DocumentRoot : Cruel!!!
I want to grant specific groups specific home-dirs somewhere
in the filesystem, not necessarily under /home
I found:
DefaultRoot / admins #yes,totally unsecure,but secure intranet 🙂
DefaultRoot /mnt/md1 ftpusers
DefaultRoot /mnt/md1/public public
DefaultRoot ~
but nothing!!
horrible software!
i run:
View CommentView CommentLinux IB-NAS4220-B 2.6.15 #140 Fri Sep 7 10:29:15 CST 2007 armv4l GNU/Linux
Opera/9.80 (X11; Linux x86_64; U; bg) Presto/2.7.62 Version/11.00
Hi,
try to play with umask var;
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
Also maybe try to set permissions manually with chmod / chown to directories? I think I don’t fully understand what you need to do.
Regards,
View CommentView CommentGeorgi
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.31 (KHTML, like Gecko) Chrome/26.0.1410.64 Safari/537.31
I have just stumbled over this, uhm, BUG and I must say, I am totally baffled as to why DefaultRoot ~ is not the DEFAULT.
This is highly dangerous and certainly sheds a bad light on a product that on the whole doesn't have the best security record anyway.
View CommentView Comment