This is fairly simple to achieve.
In your /etc/vsftpd/vsftpd.conf file; make sure the following line exists:
In RHEL/CentOS 5 this is there by default. In /etc/vsftpd there should be a file called user_list
. Having the "userlist_enable=YES" as above; means that all users listed in the user_list
will be DENIED
access to the ftp server.
Thus this should take care of your first requirement - just ensure that your 10-15 users that should have access; are NOT
in the user_list file.
To allow other users to download stuff without logging in; means basically enabling anonymous FTP read only access. To achieve this make sure the following lines are in your /etc/vsftpd/vsftpd.conf:
The first line will enable anonymous access (so any user can login as "anonymous" or "ftp" with no password) and the second line makes the anonymous root directory set to your ftp location. Obviously you would need to ensure that permissions allow reading of that directory (# chmod 755 /my/ftp/directory)
For the above to take effect you need to restart vsftpd:
#service vsftpd restart
This should do the trick