the following option doesn't exist by default in the options file (and the default is NO): chroot_local_user=YES but it is mentioned (thank god). I think that it should exist and be set to yes. This is after all supposed to be very secure ftp. I became aware of this as someone using Internet Explorer to ftp into my server was like "I see directories, boot.." I thought that being very secure ftp and that because my IE sent me to the users home directory that chrooting the user was the case. Reproducible: Always Steps to Reproduce: 1.Install vsftp 2.Allow local user access. 3.
(In reply to comment #0) > I became aware of this as someone using Internet Explorer to ftp into my server > was like "I see directories, boot.." Well done; sorry but running a server assumes you know what you are doing; if not, then don't moan here.
I am saying that: 1)`chroot_local_user=` should be in the default config file /etc/vsftp/vsftp.conf. 2)the default should be YES. 3)this would be a much more secure default setting. 4)security is good.
From the man page chroot_local_user If set to YES, local users will be (by default) placed in a chroot() jail in their home directory after login. Warning: This option has security implications, especially if the users have upload permission, or shell access. Only enable if you know what you are doing. Note that these security implications are not vsftpd specific. They apply to all FTP daemons which offer to put local users in chroot() jails. Default: NO The man page clearly implies that you should know about chroot before activating this option. As such upstream will have to change their documentation before I even think about changing the default.