LinuxQuestions.org
Old 04-06-2005, 04:27 AM   #1
MisterESauce
Member
 
Registered: Nov 2004
Distribution: FC3 dualboot with XP on my main machine, Slackware 9 on my POS ;)
Posts: 30

Rep: Reputation: 15
creating a secure ftp server with chrooting


okay, here's my problem: i'm creating a secure file server with CentOS and i want to chroot users to their home directories in a secure manner (one that is not too easy to break out of). my problem is that i don't really know how to approach this. i've read a whole bunch of advice on various sites about how to do this properly but none seem to go through the whole procedure.

i would like to allow ONLY secured ftp traffic (no telnet, ftp, etc) and no anonymous or root access (the intent is to allow clients to access sensitive files from their homes via ftp). i also want each user to only have access to their own files (in their home directory). the only permissions these users need is to copy files to and from this directory and to perform basic directory operations (list files, remove files, etc).

please someone, what is the best way to do this? i'm inclined to use vsftpd because of its ease of chrooting but this requires a lot of setup with my current install (xinetd is in control and i don't know how to change it from using sshd). on the other hand i've also written a rudimentary chroot script which could be applied to all users logging in with sshd but i'm not sure how to make it run on login and so forth.

any suggestions would be GREATLY appreciated! thanks in advance!
 
Old 04-06-2005, 02:16 PM   #2
MisterESauce
Member
 
Registered: Nov 2004
Distribution: FC3 dualboot with XP on my main machine, Slackware 9 on my POS ;)
Posts: 30

Original Poster
Rep: Reputation: 15
pardon my blatant bump but i'm still at a loss, does anyone have any ideas?
 
Old 04-06-2005, 03:36 PM   #3
thermite_1033
Member
 
Registered: May 2004
Location: Antwerp, Belgium
Distribution: slackware
Posts: 112

Rep: Reputation: 18
never done this, but in sshd_config:

# override default of no subsystems
Subsystem sftp "sudo /usr/sbin/vsftpd"

then only configure this file correctly: /etc/sudoers
configure vsftpd and i think it will work
 
Old 04-06-2005, 07:58 PM   #4
MisterESauce
Member
 
Registered: Nov 2004
Distribution: FC3 dualboot with XP on my main machine, Slackware 9 on my POS ;)
Posts: 30

Original Poster
Rep: Reputation: 15
thanks, but that didn't do it. sshd won't start with that line at the end, calling it "garbage at the end of the line"... perhaps you can't sudo from sshd_config?
 
Old 04-07-2005, 01:46 AM   #5
thermite_1033
Member
 
Registered: May 2004
Location: Antwerp, Belgium
Distribution: slackware
Posts: 112

Rep: Reputation: 18
then i can't see any other option,

you have to run vsftpd as root.


do it with sftp-server and make a script to chroot-jail the users
 
Old 04-07-2005, 04:43 AM   #6
MisterESauce
Member
 
Registered: Nov 2004
Distribution: FC3 dualboot with XP on my main machine, Slackware 9 on my POS ;)
Posts: 30

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by thermite_1033

do it with sftp-server and make a script to chroot-jail the users
i don't understand what you're saying here. what is sftp-server and what should i do with it? i did write a script to chroot users but i'm not sure how to apply it to ssh or vsftp (probably wouldn't need it with vsftp though because it has a builtin chroot function, right?)

anyway, thanks very much again! i am making some progress, better than nothing!
 
Old 04-07-2005, 11:22 AM   #7
thermite_1033
Member
 
Registered: May 2004
Location: Antwerp, Belgium
Distribution: slackware
Posts: 112

Rep: Reputation: 18
in sshd_config this is when you want a secure ftp as subsystem. you actually don't need another ftp-daemon but i don't know if you even can configure it. i can't find any config-file.
but this hasn't got a chroot!!!

# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server

you can apply your chroot-script in every user-home, i don't know exactly what your script looks like so i can't tell you how to apply it
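As an added example (not part of any post in this thread): newer OpenSSH releases can do the chroot in sshd itself with `internal-sftp` and `ChrootDirectory`, with no separate FTP daemon or login script. The script below prints such a stanza and checks the ownership rule sshd enforces on the chroot path; the group name `sftponly` and all paths are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Group name and paths are assumptions.

# Print sshd_config lines that confine members of group $1 to SFTP inside
# their home directory (replaces any existing "Subsystem sftp" line).
sftp_chroot_stanza() {
    cat <<EOF
Subsystem sftp internal-sftp
Match Group $1
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no
    X11Forwarding no
EOF
}

# Check one directory: it must exist, be owned by uid $2 (default 0, root)
# and must not be writable by group or other.
check_component() {
    dir=$1; want_uid=${2:-0}
    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 1; }
    set -- $(ls -ldnL "$dir")     # $1 = mode string, $3 = numeric owner
    [ "$3" = "$want_uid" ] || { echo "FAIL $dir: owner uid $3, want $want_uid"; return 1; }
    case $1 in
        d????w*|d???????w*) echo "FAIL $dir: group/other writable ($1)"; return 1 ;;
    esac
    echo "ok   $dir"
}

# sshd refuses a ChrootDirectory unless every component from the target up
# to / passes the check above; walk upward and report each one.
check_chroot_path() {
    case $1 in /*) ;; *) echo "need an absolute path"; return 2 ;; esac
    p=$1; rc=0
    while :; do
        check_component "$p" 0 || rc=1
        [ "$p" = "/" ] && break
        p=$(dirname "$p")
    done
    return $rc
}

# Usage: sh thisfile /home/someuser
if [ "$#" -gt 0 ]; then check_chroot_path "$1"; fi
```

Because the chroot directory itself must not be writable by the user, uploads go into a user-owned subdirectory inside it.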
 
  

