LinuxQuestions.org
Old 06-22-2005, 03:25 AM   #1
jefffq
LQ Newbie
 
Registered: Apr 2005
Location: Canada
Posts: 11

Rep: Reputation: 0
Sftp


So I'm trying to set up a secure FTP server. I'm not really sure what the standard setup/procedure is for this. It seems to me that the Linux file permissions are quite difficult to set up in a way that prevents logged-on users from browsing around and reading things that maybe they shouldn't. I'd like to have a clean and simple environment for the users, where they just see what they need to, and nothing else. I tried to chroot them to their homes, but then found that symlinks can't get you outside either. I have areas of my filesystem that I want them to have access to, that would be unsuitable to, and far too large for, an ftp user's home directory. So all I can think of is to have a regular login to the home, with the symlinks that I want, and to set up strange and annoying file permissions all over my filesystem. Is there some great way to do this that I don't know about?

I'm also curious about the encryption. As I understand it, using SFTP through SSH encrypts everything, including the data transferred. This is what I want. However, I was reading some documentation for PureFTPd, and it mentioned that it only encrypted the logins and commands, not the data. I'm wondering if this is a universal difference between SSH and the regular FTP daemons with SSL/TLS support.

Finally, I'd just like to know what the most common procedures are for this, and what servers are recommended.

Thank you in advance,
jef
 
Old 06-22-2005, 04:53 AM   #2
stefan_nicolau
Member
 
Registered: Jun 2005
Location: Canada
Distribution: Debian Etch/Sid, Ubuntu
Posts: 529

Rep: Reputation: 32
SFTP: FTP over SSH, everything is encrypted.
FTPS or FTP/SSL: FTP over SSL, the control connection is encrypted. The data connections are not always encrypted. Check your server documentation.

If you have openssh, sftp probably already works, give it a try.
Most ftp servers allow you to jail a user in his home directory. Check your server documentation. I don't think OpenSSH/SFTP can do this, as the user must have an account with ssh shell access anyways, which can't really be jailed. It would be pointless to restrict him in sftp mode and let him see the files in ssh.
 
Old 06-22-2005, 02:13 PM   #3
jefffq
LQ Newbie
 
Registered: Apr 2005
Location: Canada
Posts: 11

Original Poster
Rep: Reputation: 0
Alright, so not all FTPS servers encrypt the data. Good to know, I'll have to make sure of that, then. Or I'll just use SSH.

SFTP does work over SSH. My problem is what to do now. I did set it up so the user was chrooted to their home directory (jailed, as you say). It was a lot of work, just to find out that this won't work for me. You have to put the essential shell environment files in their home directory, basically. But you also need a specially compiled, and patched, SSH for it to work properly.

As I mentioned in my first post, I don't want to chroot (jail) the users to their home. I have some areas of my filesystem, that are very large, that I don't want residing in that user's home directory. I was hoping that symlinks could get them out of their homes, just to these specific folders, but they can't.

I'd like to know how people set up their ftp servers, if they don't chroot users to their homes. It just doesn't seem right for ftp users to have the ability to peruse your entire filesystem. Chroot can't be the only way to prevent this. Even IIS has a simple mechanism for virtual hosts that link to a specific folder and don't allow users outside of it. The only way that I can think of, to mimic this in Linux, would be to have a user for each one of these folders, and to make those folders their home directories. That's just silly. :P

Last edited by jefffq; 06-22-2005 at 02:16 PM.
 
Old 06-22-2005, 03:00 PM   #4
stefan_nicolau
Member
 
Registered: Jun 2005
Location: Canada
Distribution: Debian Etch/Sid, Ubuntu
Posts: 529

Rep: Reputation: 32
For obvious reasons, you can't leave a chroot. proftpd gives you some suggestions:
Quote:
Symlinks will not work from within a chrooted area. The reason should be clear from a casual inspection of the nature of the chroot command. It is not possible to have a symbolic link to a directory which can't be reached because it's outside of the current chroot. Workarounds to allow access to other parts of the file system include exporting the part of the filesystem to be accessed from inside the chroot and mounting via NFS, using hard file links or (on Solaris) using lofs to mount the directory via the loopback.

mount -Flofs /home/data1 /ftp/data1
mount -Flofs /home/data2 /ftp/data2


As of the 2.4.x Linux kernel tree it is possible to mount filesystems multiple times and to mount subdirectories of filesystems elsewhere on the filesystem.
Pureftpd has a virtual chroot mode to follow symlinks: http://www.pureftpd.org/
 
Old 06-23-2005, 01:51 AM   #5
jefffq
LQ Newbie
 
Registered: Apr 2005
Location: Canada
Posts: 11

Original Poster
Rep: Reputation: 0
That 'mount -Flofs' would be perfect! If it worked for me.
It's telling me that the first directory is not a block device.

That virtual chroot that allows symlinks would also be neat. But pureftpd is the one where the docs said it didn't encrypt the data.

I'd like to get that fancy mounting thing to work. I'll have to look into that.

Thanks for the advice.
 
Old 06-23-2005, 04:41 AM   #6
stefan_nicolau
Member
 
Registered: Jun 2005
Location: Canada
Distribution: Debian Etch/Sid, Ubuntu
Posts: 529

Rep: Reputation: 32
man mount:

Since Linux 2.4.0 it is possible to remount part of the file hierarchy
somewhere else. The call is
mount --bind olddir newdir
After this call the same contents is accessible in two places.
 
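One way to put the bind-mount approach from this reply to work for the original poster's case, as an added example that is not from the thread: a POSIX sh script that binds the thread's /home/data1-style directories into a hypothetical /ftp jail. It goes beyond the bare `mount --bind` above by remounting read-only with nosuid,nodev and by refusing mount points that would land outside the jail; with DRY_RUN=1 it only prints the commands, so it can be previewed without root.

```shell
#!/bin/sh
# Added example: expose a large directory inside an FTP/SFTP jail with a
# read-only bind mount, the Linux equivalent of the Solaris lofs mounts
# quoted earlier in the thread. The jail root /ftp is a hypothetical path.
JAIL="${JAIL:-/ftp}"

# run CMD...: execute CMD, or print it when DRY_RUN is set (no root needed).
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# inside_jail DIR: succeed only if DIR is the jail or a path beneath it.
# Any ".." component is rejected outright, so /ftp/../etc can never be
# chosen as a mount point by mistake.
inside_jail() {
    case "$1" in
        */../*|*/..|../*|..) return 1 ;;
    esac
    case "$1" in
        "$JAIL"|"$JAIL"/*) return 0 ;;
    esac
    return 1
}

# bind_ro SRC DST: bind SRC at DST, then remount the bind read-only with
# nosuid,nodev. The second step is required: "ro" is ignored on the initial
# --bind call and only takes effect as a remount (Linux 2.6.26 or later).
bind_ro() {
    src="$1"; dst="$2"
    inside_jail "$dst" || { echo "refusing: $dst is outside $JAIL" >&2; return 1; }
    [ -d "$src" ] || { echo "refusing: $src is not a directory" >&2; return 1; }
    run mkdir -p "$dst"
    run mount --bind "$src" "$dst"
    run mount -o remount,bind,ro,nosuid,nodev "$dst"
}

# Usage (as root, or with DRY_RUN=1 to preview), using the thread's paths:
#   bind_ro /home/data1 /ftp/data1
#   bind_ro /home/data2 /ftp/data2
```

To make the mounts survive a reboot, add matching `bind` entries to /etc/fstab; a plain `mount --bind` alone is lost at the next boot.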
Old 06-28-2005, 12:55 PM   #7
jefffq
LQ Newbie
 
Registered: Apr 2005
Location: Canada
Posts: 11

Original Poster
Rep: Reputation: 0
Omg, thank you Stefan. That worked for me, and will be perfect. I was just coming back here to see what the arguments were for the "Flofs" one so I could get on with troubleshooting why it wasn't working for me. Now I don't have to, thank you.
 
Old 06-29-2005, 02:27 AM   #8
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128
The Flofs one was for Solaris.

Be careful: with too many users, I think you can run out of mountable filesystems (I think you can only have 255 mounted filesystems or something like that), but I am not sure.
 