[SOLVED] Add new FTP user & give him specific folder permission only on AWS EC2

taru.tarak · 04-26-2017, 07:11 AM

We are using AWS EC2 service with CentOS6.

I want to add a new user for a specific folder only like /var/www/html so that he can access that folder only via FTP (FileZilla).

I can not give him root user login which I have. He should not access other folders.

Is there any easy way to add new user or I must have to go for VSFTPD service. Can anybody help me?

r3sistance · 04-26-2017, 10:46 AM

FileZilla supports SFTP, so I'd advise that over the high insecure FTP. As SFTP is served by the SSH Daemon, then you'll already have it installed (assuming you are using SSH to connect to the server). You would just need to set-up the user permissions then and a chroot jail to achieve what you are after. Unfortunately chroot jails can be problematic to set-up, so I'd follow a good guide on how to do it. VSFTPD does also support chroot jailing if you want to stick with FTP or go for FTPS. You would also need to ensure that the server is configured to have no login shell so that they can not use ssh.

Turbocapitalist · 04-26-2017, 12:46 PM

Yes, please forget FTP. You have SFTP already if you are connecting with SSH. With SFTP, what you ask can be done in two phases:

One step is to get the directory ready for multiple users.

The other step is to lock the one user into an SFTP chroot. For that you'll need to familiarize yourself with several directives from the manual page:

Code:

man sshd_config

In particular look up each of these:

Code:

Subsystem sftp internal-sftp

Match Group webmasters
        ChrootDirectory /var/www/html/
        AllowTCPForwarding no
        X11Forwarding no
        ForceCommand internal-sftp

Which version of openssh-server are you running?