I'm running into a problem with vsftpd which could be considered a bug depending on how you look at things. Since it's Fedora and SELinux related, I thought I'd bring it up here before bothering the overburdened upstream maintainer.

The base issue is that I have regular users with FTP access but they don't get access to their home directories. Instead, I use local_root and user_sub_token to restrict them into a specific FTP directory. (The value of chroot_local_user does not affect the outcome here.) I have SELinux on and configured so that the FTP daemon has no access to user home directories, since it doesn't need it in this configuration.

Unfortunately when a user logs in, vsftpd will first chdir to their home directory and then immediately chdir to the place defined by local_root. It doesn't do anything in their home directory, and looking there is completely pointless. It is also forbidden by SELinux, and so the FTP session aborts at login.

If I hack the source to not fail when the needless chdir happens, everything works fine. Unfortunately I haven't investigated the impact of this change on other configurations so I can't suggest a patch at this time.
I use this configuration:

    anonymous_enable=NO
    local_enable=YES
    guest_enable=YES
    write_enable=YES
    dirmessage_enable=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    xferlog_std_format=YES
    pam_service_name=vsftpd
    listen=YES
    chmod_enable=NO

The SELinux option "Allow read/write files in the user home directories" is set to NO.

Everything is working fine.

Option "local_root" represents a directory which vsftpd will try to change into after a local login!!

My configuration uses the implicit anonymous directory "/var/ftp". You can change this with the option "anon_root".
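Added example, not part of either message and not vsftpd's own code: a small audit helper that parses a vsftpd.conf, expands user_sub_token inside local_root, and lists the directories touched at login in the order the first message reports (home directory first, then local_root), so you can see whether the final directory actually needs home-directory access. The sample path /srv/ftp/$USER, the user alice and all function names are assumptions made for illustration.

```python
import posixpath

# Constructed sample config; the local_root path and token value are assumptions.
SAMPLE_CONF = """\
# constructed example
local_enable=YES
local_root=/srv/ftp/$USER
user_sub_token=$USER
chroot_local_user=YES
"""

def parse_vsftpd_conf(text):
    """Parse option=value lines; blank lines and '#' comment lines are skipped."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key] = value
    return opts

def effective_local_root(opts, user):
    """Return local_root with user_sub_token replaced by the login name, or None."""
    root = opts.get("local_root")
    if not root:
        return None
    token = opts.get("user_sub_token")
    if token:
        root = root.replace(token, user)
    return posixpath.normpath(root)

def is_within(path, parent):
    """True if path equals parent or lies below it (component-wise, not by prefix)."""
    path, parent = posixpath.normpath(path), posixpath.normpath(parent)
    return path == parent or path.startswith(parent.rstrip("/") + "/")

def login_plan(opts, user, home):
    """Directories touched at login, per the sequence described in the first message."""
    root = effective_local_root(opts, user)
    final = root or home
    return {
        "chdir_sequence": [home, root] if root else [home],
        "final_dir": final,
        # Home access is only needed if the session ends up inside the home directory.
        "needs_home_access": is_within(final, home),
    }

if __name__ == "__main__":
    print(login_plan(parse_vsftpd_conf(SAMPLE_CONF), "alice", "/home/alice"))
```

When needs_home_access is False but the home directory still appears in chdir_sequence, the configuration is in the situation the first message describes: SELinux denies a step the session never uses.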