LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices


Reply
  Search this Thread
Old 06-19-2008, 01:11 AM   #1
Niceman2005
Member
 
Registered: Nov 2004
Distribution: Fedora Core 2
Posts: 330

Rep: Reputation: 30
vsftpd: restrict ftp user to designated directory


Dear friends,

I wonder if it is possible to restrict ftp user to only ftp into directories designated to them. I have read about chroot which restrict them to their home directory only, but i want more than that, i want to restrict them from accessing the whole system directories except one or two specially for their use.
Just like permission in general filesystem...

thanks for helping!
 
Old 06-19-2008, 01:33 AM   #2
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 62
The basic idea of chroot is to change the processes concept of the root directory to the one specified. This restricts accessing the ".." directory to traverse up the directory tree. It has no ability to restrict downwards; this you must do with file permissions and/or appropriate directory tree layout.

You can create a real or virtual user, and configure vsftpd to chroot to a specified directory.

Can you more clearly define/describe how you want to set up the system ?
 
Old 06-19-2008, 02:30 AM   #3
Niceman2005
Member
 
Registered: Nov 2004
Distribution: Fedora Core 2
Posts: 330

Original Poster
Rep: Reputation: 30
Dear Mr.C

Thanks for your help.
For my requirement, say i have two departments 1) Accounts & 2)HR
Then i have a path directory to account folder at: /var/www/accounts
Also a path directory to HR folder at: /var/www/hr
And i create two system users 1) accountuser 2) HRuser

then from an FTP client, when a user use accountuser to login, he will straight away be directed into the folder /var/www/accounts. That means he can only see the files under /var/www/accounts folder, no access to other path such as /root, /usr/local/sbin etc.

And when one use the user HRuser to access, he is straight directed to path /var/www/hr, he has no access to /var/www/accounts..

Something like that...thanks for your help..
 
Old 06-19-2008, 02:58 AM   #4
Mr. C.
Senior Member
 
Registered: Jun 2008
Posts: 2,529

Rep: Reputation: 62
Either setup hr and accounts home directories as /var/www/hr and /var/www/accounts, respectively, or if this isn't possible for your situation, the consider instead using virtual users, combined with the user_config_dir and user_sub_token parameters. Virtual users are "guest" users, mapped to a specific user ID you reserve for virtual FTP users.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
VSFTPD - restrict user access? v00d00101 Linux - Security 2 08-09-2011 03:35 PM
VSFTPD Configuration to restrict user browsing wizzkid8 Linux - Software 1 03-04-2006 07:50 AM
create ftp user for vsftpd server without home directory cccc Linux - Networking 2 07-30-2005 07:32 AM
Restrict User to FTP Only maxhugen Linux - Security 3 10-23-2003 07:01 PM
Create and Restrict User vsftpd? LinuxNoobs Linux - Networking 1 05-20-2003 04:57 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Software

All times are GMT -5. The time now is 10:44 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration