how to prevent ftp user to go to parent directory?

[mdallau]

I noticed that when I connect to the ftp-server I am able to go to the parent directory and even to other directories in the root.
How can I prevent the ftp user to go other directories?

[gadget1999]

add the following lines to vsftpd.conf:

chroot_local_user=YES
allow_writeable_chroot=YES

[TrueOsiris]

This is now in the default file.

[delfer]

Reverted #22

[albanm]

How is it possible to get this functionality since the commit was reverted ?

[Jormodn]

Any feature plans to get that feature after that revert?

[G3z]

to use this options:

• I created a vsftpd.conf file with the content taken from the repo
• uncommented chroot_local_user=YES and added allow_writeable_chroot=YES just below it
• set root:root as owner and group of the file (otherwise ftp server did not respond)
• mounted the file inside the container - "./vsftpd/vsftpd.conf:/etc/vsftpd/vsftpd.conf"

[ShubhTakale]

I noticed that when I connect to the ftp-server I am able to go to the parent directory and even to other directories in the root. How can I prevent the ftp user to go other directories?

How are you connecting, I am not able to connect?

[alexleach]

Personally I changed the folder permissions:

In docker-compose.yaml:

version: "3.0"

services:
  ftp:
    image: delfer/alpine-ftp-server
    environment:
      - USERS=user1|password1|/srv/ftp/user1 user2|password2|/srv/ftp/user2
    volumes:
      - /srv/ftp:/srv/ftp
[...]

Bring the container up, and let the container make the user folders.

Then in the host, remove global read permissions from /srv/ftp, and read and execute permissions from /srv/ftp/*:

$ sudo chmod o-r /srv/ftp
$ sudo chmod o-rx /srv/ftp/*

I think this could quite easily be put into the startup script, I'll see about creating a pull request...