On Thu, March 20, 2008 6:54 pm, Joshua Penix wrote: > On Mar 20, 2008, at 3:20 PM, Lan Barnes wrote: > >> I've set up a ftp server at work and want to limit users to a >> directory >> and its subs. How to? >> >> This doesn't appear to be very well documented. > > > The vsftpd config directives are a bit strangely named and > functionally overloaded. But it's pretty easy once you figure it > out... you need at least two config directives, and then an optional > third which basically reverses the functionality of the first two. > > There are two possible scenarios, both assuming that the FTP accounts > are defined as local Linux users in /etc/passwd: > > #1) Users get full access by default, specific accounts get chrooted > > SET in vsftpd.conf > ------------------ > chroot_list_enable=YES > chroot_list_file=/etc/vsftpd.chroot_list > > Then EDIT /etc/vsftpd.chroot_list and list the users that should get > jailed, one per line. > > > #2) Users get chrooted by default, specific accounts get full access > > SET in vsftpd.conf > ------------------ > chroot_list_enable=YES > chroot_list_file=/etc/vsftpd.chroot_list > chroot_local_user=YES > > Then EDIT /etc/vsftpd.chroot_list and list the users that should get > full access, one per line. > > > Also note that in both cases, it's probably important to verify that > "anonymous_enable=NO" is set in vsftpd.conf and *not* commented out, > as the default is to allow anonymous and that's almost never a good > idea. > > Hope that helps.
I'm not sure I'm being clear. I want everyone (joe 6-pack) to be able to go: ftp 10.1.1.101 ... and get in. I want everybody to be sent to /data/stuff_to_give_up and not be able to get out of there. I don't want to screw around with access lists or adding users. In my reading (I'm the first to admit I get confused), what's being suggested (1) requires that I give all my users indicidual access accounts (2) chroots them to /home/jsixpack, which is a PITA (yeah, I can edit their home in /etc/passwd I suppose to all be the same place). -- Lan Barnes SCM Analyst Linux Guy Tcl/Tk Enthusiast Biodiesel Brewer -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
