Montana_Al wrote:
| Hello Group,
|
| We just made the big change over to Linux!!! I have FC3 and I cannot find any help in taking care of a problem.
|
| I need to give access to a remote user via FTP using vsftpd. I need to make sure he needs to log on using a username and password. I also want to limit him to only having access to his files that he needs to update his web site only.
|
| I have gone to the vsftpd.conf file and have set it up to not allow anonymous logins. I have also turned on vsftpd and built him as a user, but when he FTPs in he is at his home directory. I just want to log in and be at his web site files. I just cannot put together what I need and I am sure there has to be a way. Thanks in advance for your help.
|
| Alex

I use pure-ftpd instead of vsftpd, but I am sure there are similar features.
First, I always chroot the user. Being new to Linux, I am not sure if you are familiar with the chroot concept, so please excuse me if I explain something you think elementary. Chroot is a security system that locks a user into a false root. What they see as / could easily be /home/username. This prevents users from roaming around your file systems they have no business being in to start with.
Pure lets me create a soft chroot. In this case, I can follow symlinks to locations outside the chroot directory. So, in this case, I may chroot the user, then create a symlink in the user's home directory to the directory holding his web files. In a standard chroot, this would not be allowed. It is a dangerous feature if you do not use it with caution, but is a wonderful feature if you use it right. My users now get a custom view of FTP that can follow any path I let them into.
If vsftpd does not support this, the other item you can look at is a way to create a "FTP Home" directory. Again using Pure as an example...
The default behavior of Pure is to set the home directory to the UNIX account home directory. I can override that, however. All my accounts are kept in LDAP. If I add a PureFTPdUser objectclass to that person's entry, I can add a special home directory to be used by the FTP server only. With the chroot feature mentioned above, they would be locked into that directory and its subdirectories only.
Functionality dictates design, so most FTP programs have similar features. They may not all support the soft chroot (well worth the cost of admission IMHO) or LDAP, but the functionality is generally there somewhere. Check your docs for some of the keywords I used above, and I bet you find your solution.
--
Kevin Fries
Network Administrator
Hydrologic Consultants, Inc of Colorado
(303) 969-8033
FAX: (303) 969-8357
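
The caution about soft chroots in the reply above, as an added example that is not part of the original post: a Python audit that lists every symlink under an FTP home and flags those that resolve outside the home or an approved directory. The function names, the directory layout and the link names are assumptions constructed for the demonstration.

```python
import os
import tempfile

def audit_symlinks(ftp_home, allowed_targets):
    """Return sorted (link, resolved_target, ok) for each symlink under ftp_home.

    ok is True only when the fully resolved target stays inside ftp_home
    or inside one of the explicitly approved directories.
    """
    home = os.path.realpath(ftp_home)
    allowed = [home] + [os.path.realpath(p) for p in allowed_targets]
    findings = []
    # followlinks=False: report links to directories without descending into them
    for dirpath, dirnames, filenames in os.walk(home, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            if not os.path.islink(path):
                continue
            # realpath collapses ".." and nested links, so a target that
            # merely starts with an approved prefix does not pass
            target = os.path.realpath(path)
            ok = any(os.path.commonpath([target, root]) == root
                     for root in allowed)
            findings.append((os.path.relpath(path, home), target, ok))
    return sorted(findings)

def demo():
    """Constructed layout: one intended link and two that escape the jail."""
    base = tempfile.mkdtemp()
    home = os.path.join(base, "home", "alex")
    web = os.path.join(base, "var", "www", "site")
    etc = os.path.join(base, "etc")
    for d in (home, web, etc):
        os.makedirs(d)
    os.symlink(web, os.path.join(home, "website"))   # intended web root link
    os.symlink(etc, os.path.join(home, "oops"))      # stray link to a system dir
    # begins with the approved path but climbs back out of it
    os.symlink(os.path.join(web, "..", "..", "..", "etc"),
               os.path.join(home, "site2"))
    return audit_symlinks(home, [web])

if __name__ == "__main__":
    for link, target, ok in demo():
        print(f"{'ok    ' if ok else 'ESCAPE'} {link} -> {target}")
```

Run against a real FTP home as a user who can read it, and repeat the audit whenever links are added, since the check reflects only the links present at that moment.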