Chrooted user for VSFTP and Webserver purpose

If you need to create a chrooted user for one of your webservers particular folder please read this article.

1. First we need to create a system user

# useradd test
# passwd test

2. Disable SSH access for FTP users
The default user creation script will give a user the /bin/bash shell, which can be a little too powerful. If you don’t want your users logging into your server via SSH, we need to know how to block this access. If you change the shell to /bin/false, the users will only be able to login via ftp or mail if you have that setup. Here is how to modify your users:

usermod -s /sbin/nologin test

3. Now add group www-data to your test user by issuing:

usermod -a -G www-data,test test

Where test is the user you want to modify and www-data and test are the new groups you want that user to join. Running the command without the -a argument will remove that user from all groups except group1 and group2.

You can check /etc/groups file to see the result.

4. Configure vsftpd to be chrooted.

5. Root directory for example /var/www/test/ needs to be owned by root user and group. The rest of the folders and files inside this directory should have www-data:test permissions.

6. Change root directory of your user by modifying /etc/passwd


Important: number 1001 above could be different in your case.

Read more: