VSFTP Config to send users to specific folders

ftp vsftpd sles

I have approximately 30 users on a box. Those users are in overlapping groups(about 6-10 groups). I need them to be able to land in a specific folder based on their group assignment when they FTP in.

I.e., group1 -> /tmp/site1 group2 -> /tmp/site2

Is this at all possible with VSFTP on a SuSE box? Using SFTP isn't an option unfortunately.

Thanks!

EDIT: And in the event of a user being in several groups, just dumping them to the highest-level folder necessary to view the various folders they have access to.


You can create a chroot list with vsftpd.conf

see help instructions here: http://www.linuxquestions.org/questions/linux-networking-3/vsftpd-chroot-problem-387883/

I think you are looking for this snippet of information:

All the users belonging to ftp-users group goes into /home/ftp-docs/ftp_stuff by default when they login. They cannot navigate in other directories and are restricted to this particular directory.

You do this:

Create a directory by issuing the following command as root:

mkdir -p /home/ftp-docs/ftp_stuff

Then do this:-

chgrp ftp-users /home/ftp-docs/ftp_stuff chmod 3777 /home/ftp-docs/ftp_stuff

In the /etc/vsftpd/vsftpd.conf write this chroot_list_enable=YES chroot_list_file=/etc/vsftpd.chroot_list

Put all you ftp-users group userś name in /etc/vsftpd.chroot_list Then in the /etc/passwd file make the home directory of all the users belonging to ftp-users group to /home/ftp-docs/ftp_stuff. Then do the following:

service vsftpd restart

Then login via any user belonging to ftp-users group you will lend into /home/ftp-docs/ftp_stuff. You cant go to the other higher level directories.

you can create multiple entries in the list for multiple groups. the order in which those groups are in the list file will dictate their highest directory I believe.

Hope that helps. Thomas


There are a few options.

  1. Set the user's home directoy to the needed directory (in /etc/passwd) and configure group membership, and configure vsftpd to chroot them into their home folder. 

    echo chroot_local_user=YES >> /etc/vsftpd/vsftpd.conf

    If they actually need local access for some reason, then things get a little more complicated, which brings me to #2.

  2. Lock users to their home folder as in #1, but do not change their home folders in /etc/passwd. Instead add a mount point to the directories they need access to inside the home folder. 

    mount --bind /tmp/site1 /home/ftp_user/site1

This one requires an extra click by the users, but allows for the home directory to be correctly set.

Additionally, I would run a daily cron job to double check membership and adjust the home folder/mount point in the event that group membership has changed.

Related

why are there many httpd process on the machine while i only started one apache httpd service?
Is there a Windows equivalent of the HAProxy for virtual load balancing?
Windows 2008 R2 Server using 100% RAM, can't find the problematic process
Linux: Chrome Cache Viewer
How to install zsh on git for windows
Using an existing slide to create master slide views
How can I keep SSH keys passwords in KDE wallet?
How come bit flips aren't destroying my computer?
Forwarding ssh key using docker composer-compose
How to access files on network drive from Windows Subsystem for Linux
Enlarging the conditional formatting window in Excel
How to bypass the Secure Boot and T2 chip to install Linux on the new MacBooks? All suggestions don’t let me boot from Linux USB flash drive