[SOLVED] How to create an FTP user restricted to certain directories?
How to create an FTP user restricted to certain directories?
I know this is a common question; I found it all over with my Google search. The problem is that most instances where a person successfully implemented this don't have details, or have details that are above my level of understanding with Linux. For instance, one post advised a chroot jail, then said all I had to do was link the folders I want accessed to the user's /home. I don't know how to link folders so....
I am using Fedora release 14 (Laughlin). I would like to give a client access to a set of files to update their Magento theme themselves. I don't want them browsing the rest of my server.
I only want them to have access to /var/www/html/magento/app/design/frontend/%storename% and
/var/www/html/magento/skin/frontend/%storename%
The client currently doesn't have any login or access. Only I have access to the server as root. I know that's not awesome; please spare me the lecture.
So to summarize, I need to create an FTP user account that only has read and write access to the two previously mentioned directories.
Can someone please give me some step-by-step instructions on this? Please make the instructions as basic as possible. Some posts I read reference VSFTP. I don't know what that is but it is installed on my server. I did 'service vsftpd status' and it returned 'vsftpd is stopped'. Not sure if that's helpful but...
I access the server using WinSCP with the root username and password.
Last edited by thecomputerguy06; 11-14-2012 at 11:49 AM.
So ftpuser is the group. I assume you put FTP USER in all caps because I'm supposed to enter the real user's name in there, correct?
What is /ftp/username? Am I supposed to create that directory first? Is there really going to be a directory called username or do I substitute the real user's name in there? Let's just say the user is 'barry', would it be:
groupadd ftpuser
useradd -c "barry" -u 1066 -g ftpuser -d /ftp/barry -m -s /bin/true ftpuser?
When I entered in groupadd ftpuser
useradd -c "FTP USER" -u 1066 -g ftpuser -d /ftp/username -m -s /bin/true ftpuser, I got an error msg that the directory could not be created. I decided to create an ftp directory in /home and update the command accordingly. No error msg then.
Tried logging in with WinSCP (SFTP mode) but I realized we never set a password on the user account.
OK so after playing with the symlink commands a little I finally got it to link.
ln -s /var/www/html/magento/skin/frontend/%storename%/default/ /ftp/FTP USER/skin is what ended up working
HOWEVER, when I log in as this user, I am unable to get into skin. Cannot change directory is the message I get. I played with permissions to no avail. For testing I even made the directories 0777, but still cannot change directory in WinSCP.
Last edited by thecomputerguy06; 11-15-2012 at 10:07 AM.
OK now that I've thoroughly screwed up the directory permissions on my production eCommerce server, I give up!
As stated above, I got the user created. The user was restricted to the directory I chose. The user did not have write access to anything in the directory without adding write permission for the group. When I added a sym link to another directory the user needs access to, he couldn't change directory into it. I made the sym link and linked directory 777 and still cannot change directory.
In the process, I inadvertently made an unspecified amount of unrelated folders 777. I don't know what sort of security problems I will have now but I'm completely bass ackwards and side down up right now and I don't care anymore!
"I'm doing these from memory so some 'trial and error' will need to be done on your part." I just don't have enough Linux experience for that.
I eventually had to create two separate logins so this guy can access both locations because I just couldn't get the sym links on directories to work correctly. I also had to make all folders he needed access to 777 which really bites but it's whatever for now.
Thanks for all the tips.
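
Added example, not part of the original thread: a small audit for the two problems described above, a symlink inside a restricted home that points outside it, and directories left world-writable. The function names and the temporary directory layout are constructed for illustration, and it assumes the server chroots the login to its home directory.

```shell
#!/bin/sh
# Added example: audit a chroot-style FTP/SFTP home. All paths are constructed.

# Print symlinks under jail "$1" whose resolved target lies outside the jail.
# Once the server has chroot()ed the session, those targets do not exist from
# the client's point of view, so the link fails ("cannot change directory")
# whatever mode the target directory has. File names with newlines unsupported.
escaping_symlinks() {
    jail=$(readlink -f -- "$1") || return 1
    find "$jail" -type l | while IFS= read -r link; do
        target=$(readlink -f -- "$link" 2>/dev/null) || target=""
        case "$target" in
            "$jail" | "$jail"/*) ;;            # resolves inside the jail
            *) printf '%s\n' "$link" ;;        # escapes (or is dangling)
        esac
    done
}

# Print directories under "$1" that any local user can write to (e.g. 0777).
world_writable_dirs() {
    find "$1" -type d -perm -0002
}

# Build a throwaway layout mirroring the thread: a jailed home with a symlink
# to a web directory outside it, and that web directory left at 0777.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/ftp/barry/uploads" "$tmp/www/skin"
    chmod 0755 "$tmp/www"; chmod 0777 "$tmp/www/skin"
    ln -s "$tmp/www/skin" "$tmp/ftp/barry/skin"    # absolute, leaves the jail
    ln -s uploads "$tmp/ftp/barry/incoming"        # relative, stays inside
    echo "Links that will break inside the jail:"
    escaping_symlinks "$tmp/ftp/barry"
    echo "World-writable directories:"
    world_writable_dirs "$tmp/www"
    rm -rf "$tmp"
}

demo
```

A bind mount of the target onto a real directory inside the jail (`mount --bind`) is the usual replacement for a flagged link, and group ownership with group write permission is the usual replacement for 0777.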