Giving limited access to remote FTP user via vsftpd

Kevin Fries Kevin.Fries at hcico.com
Mon Apr 11 16:29:41 UTC 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Montana_Al wrote:
| Hello Group,
|
| We just made the big change over to Linux!!! I have FC3 and I cannot
find any help in taking care of a problem.
|
| I need to give access to a remote user via FTP using vsftpd. I need to
make sure he needs to log on using a username and password. I also want
to limit him to only having access to his files that he needs to update
his web site only.
|
| I gone to the vsftpd.conf file and have set it up to not allow
anonymous login's. I have also turned on vsftpd and built him as a user
but when he FTP's in he is at his home directory I just want to log in
and be at his web site files. I just cannot put together what I need and
I am sure there have to be a way. Thanks in advance for your help
|
| Alex
|
|

I use pure-ftpd instead of vsftpd, but I am sure there are similar features.

First, I always chroot the user.  Being new to Linux, I am not sure if
you are familiar with the chroot concept, so please excuse me if I
explain something you think elementary.  Chroot is a security system
that locks a user into a false root.  What they see as / could easily be
/home/username.  This prevents users from roaming around your file
systems they have no business being in to start with.

Pure lets me create a soft chroot.  In this case, I can follow symblinks
to locations outside the chroot directory.  So, in this case, I may
chroot the user, then create symblink in the users home directory, to
the directory holding his web files.  In a standard chroot, this would
not be allowed.  It is a dangerous feature if you do not use it with
caution, but is a wonderful feature if you use it right.  My users now
get a custom view of FTP that can follow any path I let them into.

If vsftpd does not support this, the other item you can look at is a way
to create a "FTP Home" directory.  Again using Pure as an example...

The default behavior of Pure is to set the home directory to the UNIX
account home directory.  I can over-ride that however.  All my accounts
are kept in LDAP.  If I add a PureFTPdUser objectclass to that person's
entry, I can add a special home directory to be used by the FTP server
only.  With the chroot feature mentioned above, they would be locked
into that directory and its subdirectories only.

Functionality dictates design, so most FTP programs have similar
features.  They may not all support the soft chroot (well worth the cost
of admission IMHO) or LDAP, but the functionality is generally there
somewhere.  Check your docs for some of the keywords I used above, and I
bet you find your solution.

- --
Kevin Fries
Network Administrator
Hydrologic Consultants, Inc of Colorado
(303) 969-8033    FAX: (303) 969-8357
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCWqX1iFq1Eo16+CgRAr6kAJ9AAm5FC01JnaGRnfXVTmZ/Xd7V1ACfT0w2
kYljL7r3fL8BOmc/ih06Pzw=
=rVzO
-----END PGP SIGNATURE-----

More information about the fedora-list mailing list