|
@@ -1,15 +1,15 @@
|
|
|
-- name: enable chroot for local users
|
|
|
+- name: disable default chroot for local users
|
|
|
lineinfile:
|
|
|
dest: /etc/vsftpd.conf
|
|
|
- line: 'chroot_local_user=YES'
|
|
|
+ line: 'chroot_local_user=NO'
|
|
|
regexp: '#? *chroot_local_user=.*'
|
|
|
become: yes
|
|
|
notify: reload vsftpd
|
|
|
-- name: chroot listed users only
|
|
|
+- name: enable chroot for explicitly listed users
|
|
|
lineinfile:
|
|
|
dest: /etc/vsftpd.conf
|
|
|
# option only takes effect if chroot_local_user is activated
|
|
|
- line: 'chroot_list_enable=NO'
|
|
|
+ line: 'chroot_list_enable=YES'
|
|
|
regexp: '#? *chroot_list_enable=.*'
|
|
|
become: yes
|
|
|
notify: reload vsftpd
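Review bot: The context comment kept above the `chroot_list_enable` line ("option only takes effect if chroot_local_user is activated") no longer matches the values this hunk sets. With `chroot_local_user=NO` and `chroot_list_enable=YES`, vsftpd treats the chroot list as the users to jail, and every local user not on it logs in without a chroot. Replace the comment with something like `# with chroot_local_user=NO the list names the users that ARE jailed; unlisted local users are not chrooted`. Confinement now fails open for any account that can authenticate but is missing from the list, so confirm outside this hunk that logins are limited to the same user set (for example through the `userlist_enable`/`userlist_deny` options), or keep `chroot_local_user=YES` if no exception list is needed.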
|
|
@@ -30,6 +30,7 @@
|
|
|
with_items: '{{vsftpd_allowed_users}}'
|
|
|
- name: create chroot list
|
|
|
copy:
|
|
|
+ # changes in chroot list do not require a reload of the vsftpd service
|
|
|
dest: /etc/vsftpd.chroot_list
|
|
|
content: |
|
|
|
{% for user in vsftpd_allowed_users %}
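Review bot: The file written here now decides which accounts are jailed, but the hunk does not show `owner`, `group` or `mode` on the `copy` task, whose arguments continue past the last visible line. If they are not set further down, pin them (`owner: root`, `group: root`, `mode: '0644'`) so the list cannot end up writable by a non-root account. The added comment would also read better above `copy:` at task level, stating that no `notify` is attached on purpose.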
|