VSFTPD and user lock to a path
 

Hi

I try to lock a user "ftpuser1" and add on a group "sftponly" to a path and have access only on this folder and subfolders and files on it like:

And i have on config:

But the user has no permissions for this folder at all :(

How can i change the permissions for this user from:

and lock him at:

?

Thanks

Hi,

You can change the user's homedir using the usermod command.
Then you need to change ownership of /home/nginx/domains/mydomain.com/public/uploads, so your user can write in that directory
BTW in this case you don't need the "local_root..." directive.

Regards

Yes i use the command:


What permissions should i use then?

I try with userftp1:sftponly but the user is going again to / :(

If your user is userftp1, run

Mind that with chroot the / for the user in question is actually its homedir

Ok i did it and i login to the server and when i try to go from / to /home/nginx/ i got this:

:(

Then i set permissions for nginx folder to ftpuser1 and grgoup nginx and it works but now my site is not working as nginx doesn't like the permissions :(

How doesn't nginx like the permissions? What is the error you get? What's in error_log?
Using 755 for directories and 644 for files (usually the default) should work.

404 not found

Yes i have 755 for folders and 644 for files but the forum stop working when i change the group from nginx to ftpuser1 :(

When i change it back to nginx the forum is working again...

It should work.
What's about the 404 error in error_log?
You can also try to add your user in nginx group and chown/chgrp the docroot accordingly

Almost done :)

The problem was the nginx permissions had set GID and i remove it and now working both user and site :)

Now i have only two problems one big and one small :)

1)The user can view the contents of .php files own by nginx user and group (small problem)
2)The user can go back to / and view the /backup folder and the backups inside that created by root and download them (big one)

Thanks

If you have set the user homedir as /home/nginx/domains/mydomain.com/public/uploads, he cannot escape the jail and go upwards to /home/nginx/domains/mydomain.com/public, as he sees just the /, unless you've changed something in vsftpd config

I use the config that i post in my topic .... :(

and this:

Info:

This is also what i have on /etc/passwords



And yes now the user when logins goes to the correct folder automaticaly:

But he can go back to /backup and download the root backup files.... :(

is this option chroot_list_enable enabled ? I am just asking dont try anything yet or read man page.

@OP
Your config is good. In fact I've tested here and it doesn't allow me to go outside local_root.
As a side note:
You have used 2 times "chroot_local_user=YES", but I'd guess it's not the issue here.
Also as I've already told you, you don't need "local_root=...", since you have setup that directory as the user homedir in /etc/passwd.

So ,do you restart vsftpd after making changes to vsftpd.conf?
And are you sure you're using the correct vsftpd.conf?

chroot_list_enable ?

i have this with the comment:

maybe i must uncomment it and use it as YES ?

and the config file that i use is: