chroot users to home dir

tasks/chroot.yml

@@ -0,0 +1,39 @@
+- name: enable chroot for local users
+  lineinfile:
+    dest: /etc/vsftpd.conf
+    line: 'chroot_local_user=YES'
+    regexp: '#? *chroot_local_user=.*'
+  become: yes
+  notify: reload vsftpd
+- name: chroot listed users only
+  lineinfile:
+    dest: /etc/vsftpd.conf
+    # option only takes effect if chroot_local_user is activated
+    line: 'chroot_list_enable=NO'
+    regexp: '#? *chroot_list_enable=.*'
+  become: yes
+  notify: reload vsftpd
+- name: set path to chroot list
+  lineinfile:
+    dest: /etc/vsftpd.conf
+    # vsftpd default: /etc/vsftpd.user_list
+    line: 'chroot_list_file=/etc/vsftpd.chroot_list'
+    regexp: '#? *chroot_list_file=.*'
+  become: yes
+  notify: reload vsftpd
+- name: restrict write permissions on home of chrooted user
+  file:
+    path: '~{{item}}'
+    owner: root
+    mode: u=rw,g-w,o-w
+  become: yes
+  with_items: '{{vsftpd_allowed_users}}'
+- name: create chroot list
+  copy:
+    dest: /etc/vsftpd.chroot_list
+    content: |
+      {% for user in vsftpd_allowed_users %}
+      {{user}}
+      {% endfor %}
+    mode: u=rw,g=,o=
+  become: yes

tasks/main.yml

@@ -18,3 +18,4 @@
   become: yes
   notify: reload vsftpd
 - include: userlist.yml
+- include: chroot.yml