Hi,

I'm having trouble setting up a vsftp server correctly. What I want to do is allow a number of users to log on (no anonymous user) and each of them to be taken to their own "top level directory" from which they can not escape.

I've got most of this working, but I can't find a way to automatically transfer each user to *their* working area. The "local_root" directive doesn't quite do what I want as everybody has to share the same working area (potentially users could interfere with each other). On the other hand I don't want each user to work from their home directory because there are loads of special files there that I don't want users playing with.

To add one extra compilation, I'm also running an html server on the same machine. One of the directories the html server can see is one of the ftp area root directories (So what I'm trying to do is give one special user ability to ftp files onto the html server. Other users must *NOT* have this ability)

Any ideas?

Thanks.

You can jail your users under a directory (/foo for example) and use:
This way each user will chrooted under /foo/<username> (of course you have to create these directories) and will not mess with /home/<username>

If you want users to "interfere" then create a common folder for them (e.g. /foo/common) create a mountpoint in each user's dir (/foo/<username>/common) and use mount --bind to mount the share folder:
Don't forget to assign the appropriate permissions.
The last is more generic. You can be more restrictive if you want.

Use the same mount --bind technique to mount the html directory in that user's homedir.

Regards

1 members found this post helpful.

That's absolutely perfect

I didn't know that I could use /foo/$USER to point at individual directories. Rather then using mount points I could use symbolic links...

You cannot use symlinks in vsftpd, that's why you have to mount --bind the directories you want your users to have access

Regards

Thank you once again for getting back to me.

I tied symbolic links after I posted my reply yesterday. They appear to have worked as I expected. Now I'm curious - is there a problem that I've missed?

BTW, the links are to links on my local disc.

How have you created those symlinks? Are you sure you cat put/get files in the symlinked directories?
Because vsftpd is known to not support symlinks outside the chrooted directory of each user.

Hi,

What I did was:

# Set up vsftp to only allow specific user to up and down load files to their dirs
vi /etc/vsftpd/vsftpd.conf
write_enable=YES
download_enable=YES
anonymous_enable=NO
userlist_deny=NO
userlist_file=/etc/vsftpd/user_list.valid
user_sub_token=$USER
local_root=/ftp/$USER

# define my list of valid users
vi /etc/vsftpd/user_list.valid
user_1
user_ftp
user_html

mkdir -p /ftp/user_1 # user_1 is a regular ftp user
mkdir -p /ftp/user_ftp # user_ftp is also a regular ftp user
ln -s /www/root/extra /ftp/user_html # user_html needs to modify the existing html scripts
chmod -R a+wr /ftp/user_1 # Allow read write access to directories
chmod -R a+wr /ftp/user_ftp # Global access is probably OK as only specific users can ftp in, and
chmod -R a+wr /www/root/extra # only root user can ssh in


I've tried this with a couple of test files and everything looks OK. The two regular ftp users can change their private directories (into which they are jail locked). The html_user can see and upload into the html server directory.

Thanks