vsftpd chroot_local_user does nothing
I'm setting up a vsftpd server on:
Linux 2.6.32-26-server #48-Ubuntu SMP Wed Nov 24 10:28:32 UTC 2010 x86_64 GNU/Linux
When I set chroot_local_user=YES, there is no effect (I can still see / when I log in). There is nothing in syslog or /var/log/vsftpd.log to indicate what's wrong. I know that I'm editing the right conf file and that other settings do come into effect when I restart the daemon, because these work:
ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
Any idea what's wrong? Thanks.
Edit:
I've touched /etc/vsftpd.chroot_list for it to be empty (no chroot-denied users), and have added:
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
Then to restart:
sudo /etc/init.d/vsftpd restart
Rather than invoking init scripts through /etc/init.d, use the service(8)
utility, e.g. service vsftpd restart
Since the script you are attempting to invoke has been converted to an
Upstart job, you may also use the restart(8) utility, e.g. restart vsftpd
vsftpd start/running, process 5606
Still no effect.
The documentation isn't terribly clear on how to do this, and it's hard to judge what you're missing without seeing your whole config file.
A shot in the dark:
passwd_chroot_enable If enabled, along with chroot_local_user, then a chroot() jail location may be specified on a per-user basis. Each user's jail is derived from their home directory string in /etc/passwd. The occurrence of /./ in the home directory string denotes that the jail is at that particular location in the path. Default: NO
Try setting that to YES. If it still doesn't work, please:
- Add your full config file to your question
- Show what user you're logging in as
- Explain how you're verifying that you're not chrooted