VSFTP Config to send users to specific folders
I have approximately 30 users on a box. Those users are in overlapping groups (about 6-10 groups). I need them to be able to land in a specific folder based on their group assignment when they FTP in.
I.e.:
group1 -> /tmp/site1
group2 -> /tmp/site2
Is this at all possible with VSFTP on a SuSE box? Using SFTP isn't an option unfortunately.
Thanks!
EDIT: And in the event of a user being in several groups, just dumping them to the highest-level folder necessary to view the various folders they have access to.
You can create a chroot list with vsftpd.conf.
See the help instructions here: http://www.linuxquestions.org/questions/linux-networking-3/vsftpd-chroot-problem-387883/
I think you are looking for this snippet of information:
All the users belonging to the ftp-users group go into /home/ftp-docs/ftp_stuff by default when they log in. They cannot navigate in other directories and are restricted to this particular directory.
You do this:
Create a directory by issuing the following command as root:
mkdir -p /home/ftp-docs/ftp_stuff
Then do this:
chgrp ftp-users /home/ftp-docs/ftp_stuff
chmod 3777 /home/ftp-docs/ftp_stuff
In /etc/vsftpd/vsftpd.conf write this:
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
Put all your ftp-users group users' names in /etc/vsftpd.chroot_list. Then, in the /etc/passwd file, set the home directory of all the users belonging to the ftp-users group to /home/ftp-docs/ftp_stuff. Then do the following:
service vsftpd restart
Then log in as any user belonging to the ftp-users group and you will land in /home/ftp-docs/ftp_stuff. You can't go to the other higher-level directories.
You can create multiple entries in the list for multiple groups. The order in which those groups are in the list file will dictate their highest directory, I believe.
Hope that helps. Thomas
There are a few options.
1. Set the user's home directory to the needed directory (in /etc/passwd) and configure group membership, and configure vsftpd to chroot them into their home folder.
echo chroot_local_user=YES >> /etc/vsftpd/vsftpd.conf
If they actually need local access for some reason, then things get a little more complicated, which brings me to #2.
2. Lock users to their home folder as in #1, but do not change their home folders in /etc/passwd. Instead, add a mount point to the directories they need access to inside the home folder.
mount --bind /tmp/site1 /home/ftp_user/site1
This one requires an extra click by the users, but allows for the home directory to be correctly set.
Additionally, I would run a daily cron job to double check membership and adjust the home folder/mount point in the event that group membership has changed.
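The daily membership check suggested in the last answer could be built around a planner like this one, which prints the mount and umount commands a user's current groups call for without running them. It is an added example, not code from either answer; the GROUP_MAP contents, the function names and the sample arguments are constructed.

```sh
#!/bin/sh
# Added example (not from the answers): dry-run planner for per-group bind mounts.
# GROUP_MAP is a constructed sample following the question's
# group1 -> /tmp/site1 layout. Assumes paths contain no whitespace.
GROUP_MAP="group1:/tmp/site1
group2:/tmp/site2"

# desired_mounts HOME "GROUPS": print "source target" for every mapped group
# in GROUPS (space-separated, as `id -Gn user` prints them).
desired_mounts() {
    home=$1; groups=$2
    printf '%s\n' "$GROUP_MAP" | while IFS=: read -r grp dir; do
        case " $groups " in
            *" $grp "*) printf '%s %s/%s\n' "$dir" "$home" "${dir##*/}" ;;
        esac
    done
}

# plan HOME "GROUPS" "CURRENT": print the commands that bring the bind mounts
# under HOME in line with group membership. CURRENT is a newline-separated
# list of mount points now present under HOME (from /proc/mounts in real use).
plan() {
    home=$1; groups=$2; current=$3
    want=$(desired_mounts "$home" "$groups")
    targets=$(printf '%s\n' "$want" | cut -d' ' -f2)
    # Revoke first: unmount anything the user's groups no longer justify.
    printf '%s\n' "$current" | while read -r mp; do
        [ -n "$mp" ] || continue
        printf '%s\n' "$targets" | grep -Fxq -- "$mp" || printf 'umount %s\n' "$mp"
    done
    # Then add the mounts that are missing.
    printf '%s\n' "$want" | while read -r src tgt; do
        [ -n "$src" ] || continue
        printf '%s\n' "$current" | grep -Fxq -- "$tgt" || printf 'mount --bind %s %s\n' "$src" "$tgt"
    done
}

# Constructed case: the user was moved from group1 to group2.
plan /home/ftp_user "users group2" "/home/ftp_user/site1"
```

Because the planner only prints commands, its output can be logged and reviewed before anything is executed as root; stale mounts are listed ahead of new ones so that access removed with a group change is withdrawn first.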