[plug] debian etch + vsftpd does not chroot jail users

Denis Brown dsbrown at cyllene.uwa.edu.au
Thu Apr 17 16:00:19 WST 2008

Dear PLUG list members,

Despite best efforts I cannot get users to be confined to their chroot 
jails.   Debian etch and vsftpd installed using aptitude.   Vsftpd version 
is 2.0.5

Have scoured the web for info on this and I understand the manner in which 
vsftpd's config file *should* jail users, but it does not :-(   Snippets 

<quote from /etc/vsftpd.conf>

User "badboy" appears in /etc/vsftpd.chroot_list

User "badboy" has entry in /etc/passwd like so...
badboy:x:1002:1002:Bad Boy,,,:/home/badboy/./:/bin/bash

The use of a trailing /./ for the home directory specification was 
mentioned in one of the web articles but it apparently makes no difference.

Using pscp.exe on a windows box I can sftp to the host, authenticate as 
badboy and happily issue cd .. commands and traverse the directory tree 
:-(   At each level I can do an ls and see contents.    It was my 
understanding that this should not be possible.

There are no errata or bugs filed against vsftpd that I can see and the 
only mentions that it has on the web generally have been from people who 
messed up the configuration by misinterpreting the config file 
directives.    Maybe I've joined that elite too?

Thoughts appreciated!

More information about the plug mailing list