首页 发现 帮助
登录
fphammerle
/
ansible-role-vsftpd
1
0
派生 0
文件 工单管理 0 合并请求 0 Wiki
目录树: 65240c6b9e
分支列表 标签列表
ansible-role-vs...
/
tasks
/
chroot.yml

chroot.yml 1.1 KB
文件历史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940 
  1. - name: disable default chroot for local users
    2. 

  2.   lineinfile:
    3. 

  3.     dest: /etc/vsftpd.conf
    4. 

  4.     line: 'chroot_local_user=NO'
    5. 

  5.     regexp: '#? *chroot_local_user=.*'
    6. 

  6.   become: yes
    7. 

  7.   notify: reload vsftpd
    8. 

  8. - name: enable chroot for explicitly listed users
    9. 

  9.   lineinfile:
    10. 

  10.     dest: /etc/vsftpd.conf
    11. 

  11.     # option only takes effect if chroot_local_user is activated
    12. 

  12.     line: 'chroot_list_enable=YES'
    13. 

  13.     regexp: '#? *chroot_list_enable=.*'
    14. 

  14.   become: yes
    15. 

  15.   notify: reload vsftpd
    16. 

  16. - name: set path to chroot list
    17. 

  17.   lineinfile:
    18. 

  18.     dest: /etc/vsftpd.conf
    19. 

  19.     # vsftpd default: /etc/vsftpd.user_list
    20. 

  20.     line: 'chroot_list_file=/etc/vsftpd.chroot_list'
    21. 

  21.     regexp: '#? *chroot_list_file=.*'
    22. 

  22.   become: yes
    23. 

  23.   notify: reload vsftpd
    24. 

  24. - name: restrict write permissions on home of chrooted user
    25. 

  25.   file:
    26. 

  26.     path: '~{{item}}'
    27. 

  27.     owner: root
    28. 

  28.     mode: u=rw,g-w,o-w
    29. 

  29.   become: yes
    30. 

  30.   with_items: '{{vsftpd_allowed_users}}'
    31. 

  31. - name: create chroot list
    32. 

  32.   copy:
    33. 

  33.     # changes in chroot list do not require a reload of the vsftpd service
    34. 

  34.     dest: /etc/vsftpd.chroot_list
    35. 

  35.     content: |
    36. 

  36.       {% for user in vsftpd_allowed_users %}
    37. 

  37.       {{user}}
    38. 

  38.       {% endfor %}
    39. 

  39.     mode: u=rw,g=,o=
    40. 

  40.   become: yes
    41.