HPE Community
Operating System - Linux
1829010 Members
2493 Online
109986 Solutions
New Discussion

Re: control the ftp directory

 
SOLVED
Go to solution
hangyu
Regular Advisor

‎09-13-2006 01:51 PM

‎09-13-2006 01:51 PM

control the ftp directory

I want to create a new login ID and control this ID can only access to a specify directory eg. /home/ftp_usr , can advise what can I do ? thx
0 Kudos
Reply
10 REPLIES 10
Vitaly Karasik_1
Honored Contributor

‎09-13-2006 06:36 PM

‎09-13-2006 06:36 PM

Re: control the ftp directory

so you want to set up chroot-ed ftp user.
there are lot manuals, see for example http://www.cyberciti.biz/tips/vsftp-chroot-users-limit-to-only-their-home-directory.html
0 Kudos
Reply
hangyu
Regular Advisor

‎09-13-2006 06:44 PM

‎09-13-2006 06:44 PM

Re: control the ftp directory

thx reply,

But I found that if I add "chroot_local_user=YES" , ALL user only can access OWN directory , if I want a SPECIFY user can access some SPECIFY directory , what can I do ? thx

"Now all users of VSFTPD/FTP will be limited to accessing only files in their own home directory. They will not able to see /, /etc, /root and /tmp and all other directories. This is an essential security feature. "
0 Kudos
Reply
Alexander Chuzhoy
Honored Contributor

‎09-13-2006 07:03 PM

‎09-13-2006 07:03 PM

Re: control the ftp directory

You can add a user with:
useradd -d /path/dirname
to the system so upon his login he'll get the directory (and its subdirectories) you want. If you enabled chroot_local_user option then the user will be limited to this directory.
Reply
Ivan Ferreira
Honored Contributor

‎09-14-2006 01:31 AM

‎09-14-2006 01:31 AM

Re: control the ftp directory

You need to use the following options:

chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/vsftpd.chroot_list

Only users listed in the file will be in chroot jail.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Reply
George Liu_4
Trusted Contributor

‎09-14-2006 05:41 AM

‎09-14-2006 05:41 AM

Solution

Re: control the ftp directory

In addition to the above tips, no shell for the user.
Reply
hangyu
Regular Advisor

‎09-25-2006 11:23 PM

‎09-25-2006 11:23 PM

Re: control the ftp directory

thx reply,

if I want to limite the user in the specify directory not OWN directory , what can I do ? thx.
0 Kudos
Reply
Alexander Chuzhoy
Honored Contributor

‎09-25-2006 11:31 PM

‎09-25-2006 11:31 PM

Re: control the ftp directory

hm,
you can always change ownership with:
chown username.groupname foldername

Make sure that the user or everyone has r-x permission for this directory, otherwise he won't be ableo to cd there.
Reply
hangyu
Regular Advisor

‎09-26-2006 05:28 PM

‎09-26-2006 05:28 PM

Re: control the ftp directory

thx alexander ,

"you can always change ownership with:
chown username.groupname foldername

Make sure that the user or everyone has r-x permission for this directory, otherwise he won't be ableo to cd there" .

of course the user can access the foldername , but if I want the user can ONLY access the foldername but not other directoies , what can i do ? thx
0 Kudos
Reply
Alexander Chuzhoy
Honored Contributor

‎09-26-2006 05:53 PM

‎09-26-2006 05:53 PM

Re: control the ftp directory

from my previous reply:

You can add a user with:
useradd -d /path/dirname
to the system so upon his login he'll get the directory (and its subdirectories) you want. If you add "chroot_local_user=YES" option to /etc/vsftpd/vsftpd.conf and restart the vsftpd service,then the user will be limited to his own directory. His own directory doesn't have to reside in /home, thus it can be the directory (the only directory with its subdirectories) that you want him to access.

P.S.
You didn't assign points, which will probably result in less replies to your questions in the future.
0 Kudos
Reply
hangyu
Regular Advisor

‎09-26-2006 06:08 PM

‎09-26-2006 06:08 PM

Re: control the ftp directory

thx alexander,

if I not only want to release the user home directory , I want to release one more directory eg. /tmp so that the user can access his own directory and /tmp either , what can I do ?thx
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.