Alright, well I have it setup right now to allow local users then I just add users to the group ftp, this isn't working exactly how id like it but its a start.

Basically I would like to get to the point where users can do the following:

Have only certain folders they can access
Move files and folders to OTHER folders they have access to
And id like atleast my account to be able to manipulate everybodies stuff

I am sure one of you guys has some experience with this, judging by the mass amount of posts I have seen ( sorry I don't have time to search through them with work and everything )

Sorry once again for not having the time to search through a, most likely, answered question.

Anyone have a clue? I am at work right now so best I can do is respond to posts =/

You just have to make system accounts for the users you want to give access to.

Try the following bits of vsftpd.conf

# Uncomment this to allow local users to log in.
local_enable=YES

# Uncomment this to enable any form of FTP write command.
write_enable=YES

# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES

# These ASCII options are split into upload and download because you may wish
# to enable ASCII uploads (to prevent uploaded scripts etc. from breaking),
# without the DoS risk of SIZE and ASCII downloads. ASCII mangling should be
# on the client anyway.. (we have only trusted users)
ascii_upload_enable=YES
ascii_download_enable=YES

chroot_local_user=YES


The chroot bit confines them to their home directory.

If you run vsftpd directly (from an init script) you restart it with
/etc/init.d/vsftpd restart
or if from inetd
/etc/init.d/inetd restart

Oliver

The above is what you would normally do for running VirtualHost web sites.
Obviously, as padonker says, you will need to create user accounts for them with useradd -m. Their user password will also be their ftp password.

Well, say I had a folder

/var/ftp/music

That I wanted everyone to be able to access, and view their homedirectory, but thats all, will chroot keep them away from that? If so I don't think chroot is the right road for me.

Don't know if thats confusing so ill give an example

A & B are users

A should only be able to see his home directory and the /var/ftp/music folder
B should only be able to see his home directory and the /var/ftp/music folder

Also, how should I add the users, is there a special group I should put them into? Right now I just did,

useradd -m -d /home/username username
passwd username ... etc

To set a group in useradd use -g
To change it later use usermod userA -g groupF for the main group
or -G to supplementary groups.

You're right, the chroot would lock them away from /var/ftp/music

I don't know if theres a way in vsftp to do what you want, but a bit of lateral (/lame) thinking in the engine room here came up with the solution of creating a symbolic link in the user home directory (which does not work):

yourmachine:/home/userA# ln -s /var/ftp/music music
yourmachine:/home/userA# chown userA music

and do the chroot in vsftpd.conf

If you chroot in vsftpd symbolic links cannot be followed outside of your root jail.
So, if your root is /home/user, setting a symlink to /some/dir/ is not possible.
Furthermore masking of directories is not possible under linux filesystems. I assume that you want the user only want to see /home/user and /some/dir, while not showing /usr /var /etc, and so on.
If it IS possible, it is a feature that has not come to me yet I know that such dir masking is possible under Novell and possibly eDirectory, but not (yet) under Linux. If I'm wrong, somebody please correct me and explain me how because I also would like to do that

Oh well.
Seemed like a good idea at the time.

What people used to do for web sites before apache VirtualHost directives, was the following. It may not be ideal, but it will work.

For uploads, users upload to /home/userA/music
a cron job copies the files into /var/ftp/music.

For downloads you could do the reverse. A bit of a waste of disk space, and only practical for a limited number of users.

Perhaps you could have people upload files using the above method, and download them via http, using basic auth if you need to restrict access.

Oliver

I looked into this a little further myself and found the following alternative:

As long as you have a recent Kernel, you can mount directories in more than one place, so:

mybox# mount --bind /var/ftp/music /home/userA/music

will do the trick.

c.f. http://proftpd.linux.co.uk/localsite...-symlinks.html

Yes, that could be a way to do it

Alright so with the above way anything they upload to their home will really be uploaded to the music directory? If so, works for me =)

But one problem, when the users try to download something it gives them this error:

ftp: get: connection reset by peer
but they can upload perfectly

The error is network related, maybe a firewall thing

Odd, I opened up 21, with the iptables command a while back, and have all the other routers forwarding it. Should I have 20 forwarded as well? Or maybe I am doing the iptables command wrong =/

officially 20 should be open as well