| 
					
				 | 
			
			
				@@ -0,0 +1,39 @@ 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+- name: enable chroot for local users 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  lineinfile: 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+    dest: /etc/vsftpd.conf 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+    line: 'chroot_local_user=YES' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+    regexp: '#? *chroot_local_user=.*' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  become: yes 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  notify: reload vsftpd 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+- name: chroot listed users only 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  lineinfile: 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+    dest: /etc/vsftpd.conf 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+    # option only takes effect if chroot_local_user is activated 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+    line: 'chroot_list_enable=NO' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+    regexp: '#? *chroot_list_enable=.*' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  become: yes 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  notify: reload vsftpd 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+- name: set path to chroot list 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  lineinfile: 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+    dest: /etc/vsftpd.conf 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+    # vsftpd default: /etc/vsftpd.user_list 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+    line: 'chroot_list_file=/etc/vsftpd.chroot_list' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+    regexp: '#? *chroot_list_file=.*' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  become: yes 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  notify: reload vsftpd 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+- name: restrict write permissions on home of chrooted user 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  file: 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+    path: '~{{item}}' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+    owner: root 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+    mode: u=rw,g-w,o-w 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  become: yes 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  with_items: '{{vsftpd_allowed_users}}' 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+- name: create chroot list 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  copy: 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+    dest: /etc/vsftpd.chroot_list 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+    content: | 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+      {% for user in vsftpd_allowed_users %} 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+      {{user}} 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+      {% endfor %} 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+    mode: u=rw,g=,o= 
			 | 
		
	
		
			
				 | 
				 | 
			
			
				+  become: yes 
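Review bot: The task named `chroot listed users only` writes `chroot_list_enable=NO`, so with `chroot_local_user=YES` from the first task every local user is chrooted, and the `chroot_list_file` setting and the generated `/etc/vsftpd.chroot_list` are never read. Per vsftpd.conf(5), turning `chroot_list_enable` on while `chroot_local_user=YES` makes that file a list of users who are NOT chrooted, so filling it with `vsftpd_allowed_users` would exempt exactly those accounts if the flag is flipped later; I would rename the task to `chroot all local users (no exemption list)` and replace its comment with `# with chroot_local_user=YES, enabling this makes chroot_list_file a list of users exempt from chroot`. The comment `# vsftpd default: /etc/vsftpd.user_list` also looks wrong, since that path is the default for `userlist_file`; it should read `# vsftpd default: /etc/vsftpd.chroot_list`. In the `file` task, `mode: u=rw,g-w,o-w` clears the owner's search bit on a directory; `mode: u=rwx,g-w,o-w` keeps the home non-writable for the FTP user without leaving an odd 6xx directory.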
			 |