Monday, October 30, 2017

Setting up vsftpd with the chroot option.

Today I got a requirement to set up an sftp user and restrict its access to a specific directory. My current OS is Oracle Linux 5.11, whose latest available OpenSSH version is openssh-4.3p2-82.el5. The initial plan was to chroot the user to its home directory using the configuration below, which is quite straightforward.

1. Create a group called sftponly

        #groupadd sftponly
2. Update /etc/ssh/sshd_config with the below entries

AllowGroups root sftponly
Match Group sftponly
        ChrootDirectory /home/newuser
        ForceCommand    internal-sftp
        AllowTcpForwarding      no

Restarting sshd then failed with:

Starting sshd: /etc/ssh/sshd_config: line 123: Bad configuration option: Match
/etc/ssh/sshd_config: terminating, 1 bad configuration options [FAILED]

After googling for a while I found that this feature is supported only with OpenSSH 5 or above, so it is not possible in my case.

As an immediate workaround I decided to use vsftpd with the chroot option. Here is what I followed to set it up.

1. Install the vsftpd package (#yum install vsftp*)

2. Set anonymous_enable=NO in the vsftpd configuration file

3. Add the below line to the same file

        chroot_local_user=YES

4. Add a user as below and set its shell to /bin/false so that the user cannot log in via a shell

testuser:x:54332:54335::/home/testuser:/bin/false
NOTE: Ensure /bin/false is listed in the /etc/shells file
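As an added example (not from the original post), here are steps 2 to 4 and the NOTE above as a POSIX shell script: helpers that set a vsftpd option idempotently, keep /bin/false listed in the shells file, and check that the result actually locks local users into their home directories. The apply_to_system function assumes the stock paths /etc/vsftpd/vsftpd.conf and /etc/shells and the user name testuser from the passwd line above; it is not called automatically, the script only runs an offline demo on a constructed config in a temporary directory.

```shell
#!/bin/sh
# Added example, not the original post's commands. Idempotent helpers for
# the vsftpd chroot setup. System paths in apply_to_system are assumptions
# (stock Red Hat / Oracle Linux locations).

# Set KEY=VALUE in a vsftpd-style config: replace an existing line
# (commented out or not) or append when absent. Usage: set_option FILE KEY VALUE
set_option() {
    file=$1; key=$2; value=$3
    if grep -q "^#*[[:space:]]*${key}=" "$file"; then
        sed -i "s|^#*[[:space:]]*${key}=.*|${key}=${value}|" "$file"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# Print the effective value of KEY in FILE (last uncommented match wins).
get_option() {
    file=$1; key=$2
    grep "^${key}=" "$file" | tail -n 1 | cut -d= -f2-
}

# Ensure SHELL is listed in the shells file; vsftpd's PAM stack on Red Hat
# style systems uses pam_shells, which rejects users whose shell is missing.
ensure_shell_listed() {
    shells=$1; shell=$2
    grep -qx "$shell" "$shells" || printf '%s\n' "$shell" >> "$shells"
}

# Verify that a config disables anonymous logins and chroots local users.
# Exit status 0 = ok; each failing setting is printed.
check_chroot_config() {
    file=$1; ok=0
    [ "$(get_option "$file" anonymous_enable)" = "NO" ] \
        || { echo "anonymous_enable is not NO"; ok=1; }
    [ "$(get_option "$file" chroot_local_user)" = "YES" ] \
        || { echo "chroot_local_user is not YES"; ok=1; }
    return $ok
}

# Apply to a real host (run as root). Not called automatically.
apply_to_system() {
    conf=/etc/vsftpd/vsftpd.conf          # assumed stock path
    set_option "$conf" anonymous_enable NO
    set_option "$conf" chroot_local_user YES
    ensure_shell_listed /etc/shells /bin/false
    id testuser >/dev/null 2>&1 || useradd -m -s /bin/false testuser
    check_chroot_config "$conf" && service vsftpd restart
}

# Offline demonstration on a constructed config (sample values, not a real host).
demo() {
    tmp=$(mktemp -d)
    conf=$tmp/vsftpd.conf
    shells=$tmp/shells
    printf '%s\n' '# constructed sample' 'anonymous_enable=YES' 'local_enable=YES' > "$conf"
    printf '%s\n' /bin/sh /bin/bash > "$shells"
    set_option "$conf" anonymous_enable NO
    set_option "$conf" chroot_local_user YES
    ensure_shell_listed "$shells" /bin/false
    check_chroot_config "$conf" && echo "config ok"
    cat "$conf"
    rm -rf "$tmp"
}

demo
```

Run apply_to_system as root on the host after reviewing it. Two caveats a practitioner should keep in mind: vsftpd 2.3.5 and later refuse to chroot a user whose chroot root directory is writable (allow_writeable_chroot was later added to override that), so on newer distributions than Oracle Linux 5 the home directory must not be writable by the user or the login fails right after authentication; and vsftpd serves plain FTP rather than SFTP, so credentials cross the network in the clear unless TLS (ssl_enable=YES) is configured.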