| 123456789101112131415161718192021222324252627282930313233343536373839 |
- - name: enable chroot for local users
- lineinfile:
- dest: /etc/vsftpd.conf
- line: 'chroot_local_user=YES'
- regexp: '#? *chroot_local_user=.*'
- become: yes
- notify: reload vsftpd
- - name: chroot listed users only
- lineinfile:
- dest: /etc/vsftpd.conf
- # option only takes effect if chroot_local_user is activated
- line: 'chroot_list_enable=NO'
- regexp: '#? *chroot_list_enable=.*'
- become: yes
- notify: reload vsftpd
- - name: set path to chroot list
- lineinfile:
- dest: /etc/vsftpd.conf
- # vsftpd default: /etc/vsftpd.user_list
- line: 'chroot_list_file=/etc/vsftpd.chroot_list'
- regexp: '#? *chroot_list_file=.*'
- become: yes
- notify: reload vsftpd
- - name: restrict write permissions on home of chrooted user
- file:
- path: '~{{item}}'
- owner: root
- mode: u=rw,g-w,o-w
- become: yes
- with_items: '{{vsftpd_allowed_users}}'
- - name: create chroot list
- copy:
- dest: /etc/vsftpd.chroot_list
- content: |
- {% for user in vsftpd_allowed_users %}
- {{user}}
- {% endfor %}
- mode: u=rw,g=,o=
- become: yes
|
