I am using CentOS 5.6 with ext3. Users will login ftps (I'm using vsftpd), but I'm hoping to solve this at the file system level.

vsftpd is set to chroot them. ftps is working fine. Each user will own their subdirectory - no one else will have access.

*They should be able to write files in their chrooted directory but NOT write subdirectories.*

I've checked man on vsftpd.conf and briefly looked into selinux on this topic. I've looked on the Internet and see others that have posted about this, but with no real answer.

I could do a cron every minute to delete files that don't belong but don't like that solution.

I want them to be prevented during initial creation of a subdirectory.

Anyone have a suggestion?

try "cmds_allowed=" and specify all commands (ABOR,APPE,CWD,DELE,HELP,LIST,MDTM,etc,etc) except "MKD"?

Alternately
if you have a recent enough version

1 members found this post helpful.

Missed that option... Nice find!

Thanks to both of you! My vsftpd version is older than 2.1.0 so I had to use the cmds_allowed stanza. For the complete list of commands, I went to http://viki.brainsware.org/?en/cmds_allowed.

If it helps someone, my syntax is (minus MKD):
cmds_allowed=ABOR,ACCT,ALLO,APPE,CDUP,CWD,DELE,EPRT,EPSV,FEAT,HELP,LIST,MDTM,MODE,NLST,NOOP,OPTS,PAS S,PASV,PORT,PWD,QUIT,REIN,REST,RETR,RMD,RNFR,RNTO,SITE,SIZE,SMNT,STAT,STOR,STOU,STRU,SYST,TYPE,USER, XCUP,XCWD,XMKD,XPWD,XRMD,ADAT,AUTH,CCC,CLNT,CONF,ENC,GET,LPRT,LPSV,MGET,MIC,MPUT,PBSZ,PROT,PUT

@unSpawn: Thx

Actually, my knowledge of vsftpd is pretty limited; what I always do is go here https://security.appspot.com/vsftpd/vsftpd_conf.html which is the official conf page as re-directed from the home site vsftpd.beasts.org

HTH others