vsftpd chroot_local_user does nothing

I'm setting up a vsftpd server on:

Linux 2.6.32-26-server #48-Ubuntu SMP Wed Nov 24 10:28:32 UTC 2010 x86_64 GNU/Linux

When I set chroot_local_user=YES, there is no effect (I can still see / when I log in). There is nothing in syslog or /var/log/vsftpd.log to indicate what's wrong. I know that I'm editing the right conf file and that other settings do come into effect when I restart the daemon, because these work:

ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES

Any idea what's wrong? Thanks.

Edit:

I've touched /etc/vsftpd.chroot_list for it to be empty (no chroot-denied users), and have added:

chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

Then to restart:

sudo /etc/init.d/vsftpd restart
Rather than invoking init scripts through /etc/init.d, use the service(8)
utility, e.g. service vsftpd restart

Since the script you are attempting to invoke has been converted to an
Upstart job, you may also use the restart(8) utility, e.g. restart vsftpd
vsftpd start/running, process 5606

Still no effect.


The documentation isn't terribly clear on how to do this, and it's hard to judge what you're missing without seeing your whole config file.

A shot in the dark:

   passwd_chroot_enable
         If enabled, along with chroot_local_user, then a chroot() jail
         location may be specified on a per-user basis. Each user's  jail
         is  derived from their home directory string in /etc/passwd. The
         occurrence of /./ in the home directory string denotes that  the
         jail is at that particular location in the path.

         Default: NO

Try setting that to YES. If it still doesn't work, please:

  1. Add your full config file to your question
  2. Show what user you're logging in as
  3. Explain how you're verifying that you're not chrooted