Quote:
I'm having trouble setting up a vsftp server correctly. What I want to do is allow a number of users to log on (no anonymous user) and each of them to be taken to their own "top level directory" from which they can not escape.
I've got most of this working, but I can't find a way to automatically transfer each user to *their* working area. The "local_root" directive doesn't quite do what I want as everybody has to share the same working area (potentially users could interfere with each other). On the other hand I don't want each user to work from their home directory because there are loads of special files there that I don't want users playing with.
|
You can jail your users under a directory (/foo for example) and use:
Code:
local_enable=YES
local_root=/foo/$USER
user_sub_token=$USER
This way each user will chrooted under /foo/<username> (of course you have to create these directories) and will not mess with /home/<username>
If you want users to "interfere" then create a common folder for them (e.g. /foo/common) create a mountpoint in each user's dir (/foo/<username>/common) and use mount --bind to mount the share folder:
Code:
mount --bind /foo/common /foo/user1/common
mount --bind /foo/common /foo/user2/common
Don't forget to assign the appropriate permissions.
Code:
chgrp -R users /foo
chmod -R 775 /foo
The last is more generic. You can be more restrictive if you want.
Quote:
To add one extra compilation, I'm also running an html server on the same machine. One of the directories the html server can see is one of the ftp area root directories (So what I'm trying to do is give one special user ability to ftp files onto the html server. Other users must *NOT* have this ability)
|
Use the same mount --bind technique to mount the html directory in that user's homedir.
Regards