To restrict the FTP user so they can only access their own home directory and not the rest of the system, you need to configure ProFTPD to jail users in their home directories. This can be done using the DefaultRoot directive in the ProFTPD configuration file. Here’s how you can achieve that:
Ensure Proper Configuration in proftpd.conf: Open the ProFTPD configuration file:
sudo nano /etc/proftpd/proftpd.conf
Add or modify the following lines to ensure the FTP users are restricted to their home directories:
# To jail users in their home directory
DefaultRoot ~
#
RequireValidShell off
Ensure User’s Shell is Allowed: Ensure that the user’s shell is valid and listed in /etc/shells. You can use /bin/false or /usr/sbin/nologin to restrict the user to FTP only.
echo "/bin/false" | sudo tee -a /etc/shells
echo "/usr/sbin/nologin" | sudo tee -a /etc/shells
Then, assign one of these shells to your FTP user:
sudo usermod -s /bin/false ftpuser
Create a Directory for the User: Ensure the user’s home directory is properly set up:
sudo mkdir -p /home/ftpuser/ftp
sudo chown -R ftpuser:ftpuser /home/ftpuser/ftp
sudo chmod -R 755 /home/ftpuser/ftp
Here, the ftp directory inside the user’s home directory will be their FTP root.
Restart ProFTPD: Restart the ProFTPD service to apply the changes.
sudo systemctl restart proftpd
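To check the result of the steps above without logging in over FTP, the following added example (not part of the original page or of ProFTPD) audits the three settings involved: the DefaultRoot line, the user's shell, and whether ProFTPD will accept that shell. The function names directive and audit_jail are hypothetical, and the files are passed as arguments, so on a real host they would be /etc/proftpd/proftpd.conf, /etc/passwd and /etc/shells.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): offline audit of the jail setup.

# Print the arguments of every uncommented occurrence of a directive.
# Names are compared case-insensitively; <Global>/<VirtualHost> nesting is ignored.
directive() {  # usage: directive <conf-file> <name>
  awk -v want="$2" 'tolower($1) == tolower(want) { $1 = ""; sub(/^ +/, ""); print }' "$1"
}

# Print one line per check; the return status is the number of failed checks.
audit_jail() {  # usage: audit_jail <proftpd.conf> <passwd> <shells> <user>
  local conf=$1 passwd=$2 shells=$3 user=$4 fails=0 shell
  # 1. A bare "DefaultRoot ~" jails everyone; a trailing group-expression
  #    such as "~ !staff" exempts some accounts, so it is reported.
  if directive "$conf" DefaultRoot | grep -qxF '~'; then
    echo "ok: DefaultRoot ~ applies to all users"
  else
    echo "FAIL: no unconditional 'DefaultRoot ~' found"; fails=$((fails + 1))
  fi
  # 2. The account should carry one of the non-login shells from the steps above.
  shell=$(awk -F: -v u="$user" '$1 == u { print $7 }' "$passwd")
  case $shell in
    /bin/false|/usr/sbin/nologin) echo "ok: $user has shell $shell" ;;
    *) echo "FAIL: $user has shell '${shell:-none}'"; fails=$((fails + 1)) ;;
  esac
  # 3. The FTP login works if RequireValidShell is off or the shell is listed.
  if directive "$conf" RequireValidShell | grep -qixF 'off' ||
     { [ -n "$shell" ] && grep -qxF -- "$shell" "$shells"; }; then
    echo "ok: ProFTPD will accept the shell"
  else
    echo "FAIL: shell not in shells file and RequireValidShell is not off"
    fails=$((fails + 1))
  fi
  return "$fails"
}

# Constructed sample files standing in for the real ones.
demo=$(mktemp -d)
printf '%s\n' '# To jail users in their home directory' 'DefaultRoot ~' \
  'RequireValidShell off' > "$demo/proftpd.conf"
printf '%s\n' 'ftpuser:x:1001:1001::/home/ftpuser:/bin/false' > "$demo/passwd"
printf '%s\n' '/bin/sh' '/bin/bash' > "$demo/shells"
audit_jail "$demo/proftpd.conf" "$demo/passwd" "$demo/shells" ftpuser ||
  echo "$? check(s) failed"
```

Because the exit status counts failed checks, the function can gate a deployment script or a configuration-management run.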