On 3/21/08, Lan Barnes <[EMAIL PROTECTED]> wrote:
>
> On Thu, March 20, 2008 6:54 pm, Joshua Penix wrote:
> > On Mar 20, 2008, at 3:20 PM, Lan Barnes wrote:
> >
> >> I've set up a ftp server at work and want to limit users to a
> >> directory and its subs. How to?
> >>
> >> This doesn't appear to be very well documented.
> >
> >
> > The vsftpd config directives are a bit strangely named and
> > functionally overloaded. But it's pretty easy once you figure it
> > out... you need at least two config directives, and then an optional
> > third which basically reverses the functionality of the first two.
> >
> > There are two possible scenarios, both assuming that the FTP accounts
> > are defined as local Linux users in /etc/passwd:
> >
> > #1) Users get full access by default, specific accounts get chrooted
> >
> > SET in vsftpd.conf
> > ------------------
> > chroot_list_enable=YES
> > chroot_list_file=/etc/vsftpd.chroot_list
> >
> > Then EDIT /etc/vsftpd.chroot_list and list the users that should get
> > jailed, one per line.
> >
> >
> > #2) Users get chrooted by default, specific accounts get full access
> >
> > SET in vsftpd.conf
> > ------------------
> > chroot_list_enable=YES
> > chroot_list_file=/etc/vsftpd.chroot_list
> > chroot_local_user=YES
> >
> > Then EDIT /etc/vsftpd.chroot_list and list the users that should get
> > full access, one per line.
> >
> >
> > Also note that in both cases, it's probably important to verify that
> > "anonymous_enable=NO" is set in vsftpd.conf and *not* commented out,
> > as the default is to allow anonymous and that's almost never a good
> > idea.
> >
> > Hope that helps.
>
> I'm not sure I'm being clear.
>
> I want everyone (joe 6-pack) to be able to go:
>
> ftp 10.1.1.101
>
> ... and get in. I want everybody to be sent to /data/stuff_to_give_up and
> not be able to get out of there. I don't want to screw around with access
> lists or adding users.
>
> In my reading (I'm the first to admit I get confused), what's being
> suggested (1) requires that I give all my users individual access accounts
> (2) chroots them to /home/jsixpack, which is a PITA (yeah, I can edit
> their home in /etc/passwd I suppose to all be the same place).
>
> --
> Lan Barnes
>
> SCM Analyst Linux Guy
> Tcl/Tk Enthusiast Biodiesel Brewer
>
>
> --
> [email protected]
> http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
>

If user anonymous will work to allow joe random user to get from and upload to vsftpd then this discussion may be what you are looking for:

http://ubuntuforums.org/archive/index.php/t-403983.html

When I looked up vsftpd and chroot jail I was a little surprised that something I thought was well established was actually a big discussion point. Almost all of the assumptions are that you would allow access on a per unique user/account basis. What about just plain old anonymous?

My other thought is if this is going to be a hassle just make a user account and give the passwd to whomever you want to have access.

I see what you mean... This shouldn't be that big a deal...

rbw
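
Added example (not part of the thread and not vsftpd's own code): a small Python audit that resolves the three chroot directives quoted above into a per-user jailed/not-jailed verdict and flags anonymous access left at its default. The function names, the hard-coded defaults table and the sample input are assumptions made for illustration.

```python
# Added example: resolve vsftpd's chroot directives into a per-user verdict.
# DEFAULTS is an assumption: vsftpd's documented defaults, hard-coded here.
DEFAULTS = {
    "anonymous_enable": "YES",
    "chroot_local_user": "NO",
    "chroot_list_enable": "NO",
    "chroot_list_file": "/etc/vsftpd.chroot_list",
}


def parse_conf(text):
    """Parse vsftpd.conf text: option=value lines, '#' starts a comment line."""
    conf = dict(DEFAULTS)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # a commented-out directive leaves the default in force
        key, sep, value = line.partition("=")
        if sep:
            conf[key] = value
    return conf


def audit(conf_text, chroot_list, users):
    """Return (jailed, warnings); jailed maps each local user to True/False."""
    conf = parse_conf(conf_text)
    listed = {u.strip() for u in chroot_list.splitlines() if u.strip()}
    jail_by_default = conf["chroot_local_user"].upper() == "YES"
    list_active = conf["chroot_list_enable"].upper() == "YES"
    # The list inverts whatever the default is: a jail list in scenario #1,
    # an exemption list in scenario #2.
    jailed = {u: jail_by_default != (list_active and u in listed) for u in users}
    warnings = []
    if conf["anonymous_enable"].upper() == "YES":
        warnings.append("anonymous_enable is YES (explicitly or by default)")
    if listed and not list_active:
        warnings.append("chroot list has entries but chroot_list_enable is not YES")
    return jailed, warnings


# Constructed sample input: scenario #2 with anonymous_enable commented out.
SAMPLE_CONF = """\
#anonymous_enable=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
chroot_local_user=YES
"""
SAMPLE_LIST = "admin\n"

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, SAMPLE_LIST, ["admin", "jsixpack"]))
```

On a real host, pass in the contents of vsftpd.conf and of the file named by chroot_list_file, plus the local account names to check.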
