Even if you trust your users not to purposefully hack your server, allowing them to peruse the entire file system of your dedicated server whenever they want is definitely a bad idea.
On most Linux distributions, normal users do not have permission to make any changes to system directories like /etc, /var, and /usr, but they can still see them. If their accounts were ever compromised, the attacker would then have a much easier time picking out a particular directory or system file to attack, since it is perfectly visible.
Fortunately, there is a way to make sure a user cannot move past his or her own home directory, if nothing else, to set your mind at ease. Since your users will be accessing the server through FTP, the easiest way to jail them in their directories is to configure it in your FTP server. I will give examples for two popular FTP servers: VSFTP and ProFTPD.
In VSFTP, edit /etc/vsftpd/vsftpd.conf and change, add, or uncomment the following line:
Save the file and restart VSFTP
In ProFTPD, edit the following file:
and uncomment the following line (remove the # in front of it):
If you need to jail the users further, for example, in their document root directories (such as public_html), use the following line:
Save the file and restart ProFTPD:
Now your users will not be able to browse through the entire directory structure of your server, only through their own files. There is another method to accomplish the same thing in SSH, and we will discuss that in a separate post.
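To confirm that the jail is actually in effect after editing, the following added example (not code from the original post) audits the text of both configuration files. It names the servers' own directives, which do not appear in the text above: `chroot_local_user` and `chroot_list_enable` for vsftpd, and `DefaultRoot` for ProFTPD. The sample configs and the `webusers` group are constructed for illustration.

```python
# Added example: audit FTP configs for the home-directory jail settings.
# Directive names are the servers' own; the sample configs are constructed.

TRUE_VALUES = {"YES", "TRUE", "1"}  # spellings vsftpd accepts for a boolean

def vsftpd_jail_status(conf_text):
    """Return (jailed_by_default, notes) for the text of a vsftpd.conf."""
    opts = {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # blank line, comment, or not an option
        key, value = line.split("=", 1)
        opts[key] = value.upper()  # a later line overrides an earlier one
    jailed = opts.get("chroot_local_user", "NO") in TRUE_VALUES
    notes = []
    if opts.get("chroot_list_enable", "NO") in TRUE_VALUES:
        # The list inverts whatever chroot_local_user says.
        notes.append("users in chroot_list_file are EXEMPT from the jail" if jailed
                     else "only users in chroot_list_file are jailed")
    return jailed, notes

def proftpd_default_roots(conf_text):
    """Return [(root, group_expression)] for each active DefaultRoot line."""
    roots = []
    for raw in conf_text.splitlines():
        parts = raw.split("#", 1)[0].split()  # drop comments, tokenize
        # Directive name is matched case-insensitively here.
        if len(parts) >= 2 and parts[0].lower() == "defaultroot":
            roots.append((parts[1], parts[2:]))
    return roots

# Constructed sample: the jail line is still commented out, so it has no effect.
VSFTPD_SAMPLE = """\
local_enable=YES
#chroot_local_user=YES
chroot_list_enable=YES
"""
# Constructed sample: one commented line, one group-scoped root, one home root.
PROFTPD_SAMPLE = """\
#DefaultRoot ~
DefaultRoot ~/public_html webusers
DefaultRoot ~
"""

if __name__ == "__main__":
    print(vsftpd_jail_status(VSFTPD_SAMPLE))
    print(proftpd_default_roots(PROFTPD_SAMPLE))
```

An empty list from `proftpd_default_roots`, or `False` from `vsftpd_jail_status`, means users can still browse outside their home directories.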