4

I'm setting up an FTP server to replace an old Windows server install. I'm using vsftpd on Ubuntu 16.04.

There are multiple users (automated test systems) external to the company, and we want to make the change transparent - no changes required to client machines.

I have followed this guide and set up the virtual users and chroot jail. This works correctly, and when I log in using FileZilla, I can see that I am successfully chrooted into the virtual user's home directory (home/vftp/$USER).

However, this directory must not be writeable, to prevent breakout from the jail, so I have created a sub-directory home/vftp/$USER/uploads with write permissions. Because I don't want to have to make changes on the client machines, I need for them to be changed to this uploads directory upon login so that they just log in + upload without having to change directory.

I'm aware that I can allow a writeable root (and hence not require a subfolder) with allow_writeable_chroot=YES, but as this is an externally-facing machine that's not really a great idea.

Is there a way that I can put the user in a chroot jail, but switch their working directory to a sub-directory?

SiHa
  • I don't know a working solution, but I would probably look into pam_exec, matching on group, on successful login, exec a script which has the commands to put them in the subdir. I am not sure that all clients will play well with this however. – Aaron Apr 11 '18 at 21:39
  • @Aaron Thanks. That's exactly what I'd concluded yesterday, too, after some more searching of the interwebs. Some experimenting required now methinks. – SiHa Apr 12 '18 at 07:04

1 Answer

1

If you can set the user home directory, you can specify passwd_chroot_enable=YES in vsftpd.conf along with a home directory such as /home/vftp/USER/./uploads in /etc/passwd.

It will create the chroot jail in /home/vftp/USER and use the uploads subdirectory as the user HOME directory.

  • Thanks - I can't mark as accepted, because we went a different way eventually, so I can't test it out. – SiHa Apr 15 '19 at 08:00
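
An added example, not part of the original question or answer: a small audit for the layout the answer describes, which splits a passwd home field at its `/./` marker and checks that the jail root is not writable by the user while the login sub-directory is. The function names and the sample entry are hypothetical, and writability is judged from owner/group/other mode bits only (no ACLs or supplementary groups), which is an assumption of this sketch rather than a statement of how vsftpd checks it.

```python
import os
import stat
import tempfile

def split_home(home):
    """Split a passwd home field at its first '/./' into (jail, login_subdir)."""
    jail, marker, subdir = home.partition("/./")
    return (jail or "/", subdir) if marker else (home, "")

def writable_by(path, uid, gid):
    """Mode-bit check only (assumption): ignores ACLs and supplementary groups."""
    st = os.stat(path)
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IWUSR)
    if st.st_gid == gid:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_passwd_line(line):
    """Return a list of problems for one passwd(5) entry; empty means OK."""
    name, _pw, uid, gid, _gecos, home, _shell = line.rstrip("\n").split(":")
    uid, gid = int(uid), int(gid)
    jail, subdir = split_home(home)
    problems = []
    if not subdir:
        problems.append(f"{name}: no '/./' marker, login directory is the jail root")
    if not os.path.isdir(jail):
        return problems + [f"{name}: jail {jail} does not exist"]
    if writable_by(jail, uid, gid):
        problems.append(f"{name}: jail root {jail} is writable by the user")
    login_dir = os.path.join(jail, subdir)
    if subdir and not os.path.isdir(login_dir):
        problems.append(f"{name}: login directory {login_dir} does not exist")
    elif subdir and not writable_by(login_dir, uid, gid):
        problems.append(f"{name}: login directory {login_dir} is not writable")
    return problems

def demo():
    # Constructed sample: a read-only jail with a writable uploads/ under a temp dir.
    with tempfile.TemporaryDirectory() as tmp:
        jail = os.path.join(tmp, "USER")
        os.makedirs(os.path.join(jail, "uploads"), mode=0o755)
        os.chmod(jail, 0o555)
        line = f"USER:x:{os.getuid()}:{os.getgid()}::{jail}/./uploads:/usr/sbin/nologin"
        result = audit_passwd_line(line)
        os.chmod(jail, 0o755)  # restore so the temp dir can be removed
        return result

if __name__ == "__main__":
    print(demo() or "OK")
```

To audit a real host, feed each relevant line of /etc/passwd to `audit_passwd_line` and review any entry that returns a non-empty list.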