dlwynne asked:

vsftpd under CentOS - how to jail some users to their home dirs, let others see some dirs, let others see all

I am building a Linux box to replace an old legacy FTP server. I am using CentOS and vsftpd. The box is dedicated to FTP with only SSH and Webmin running on it and only those ports open in the firewall. Webmin and SSH will be IP-limited to in-house or other trusted IPs. vsftpd will have to be able to accept connections from any IP, unless blocked. No anonymous access allowed. At some point, we may add FTPS (FTP with SSL) to the box for users (the vsftpd is ready for that). I will be using SFTP (FTP over SSH) to move files back and forth, but that is just for me - not the users.

What I need to do is to allow some users access to just their home folders (and sub-folders under that):

These would be like:

user1 /home/user1
user2 /home/user2
user3 /home/user3

Then I need some users to have their own homes, but be able to navigate to some of the other users folders. Like:

user4 /home/user4 but can download, upload, rename, and delete in the folders of user1 and user3 but not user2.

Then I need some users that can see all the /home FTP folders, but can't back out to the OS or / folders:

user5 /home/user5 but can see /home/user1-4 and delete, rename, upload, and download from those.

Finally I need a user (me) that can access any of those folders and back out to do whatever I need on the rest of the box.

I have it set up to chroot the users and have the user list on so I can exclude some users (like me) so I can go elsewhere. I am just wondering what is the best way to set this up. Do I just make the folks like "user4" a member of the user1 and user3 groups? That is OK, but when I add more users I have to go back and add that group to all the new user groups. Since I don't want the lowest-level users to see each other's stuff, I can't make them a part of the same group.

Another thought would be to put the homes of user1-3 in a sub-folder:

user1 /home/lowlevelusers/user1
user2 /home/lowlevelusers/user2
user3 /home/lowlevelusers/user3

Then I could make the home of user4 /home/lowlevelusers and then they could see the user1-4 folders. I think I would still have to make them part of groups or they could not delete or download the files. Maybe that is the key - I DO make a lowlevelusers group and make users 1-3 members but jail them to their own folders, then make user4 a member of their own group AND lowlevelusers. Then when we add more low-level users we just make them part of the lowlevelusers group (only) and then user4 automatically gets to see the new folder and access what is placed there?

Then user5's home could be just /home and make them part of user4's group and also the lowlevelusers group? Then they could see and do it all, but could not back out into the rest of the box?

I saw mention of a user config file (/etc/vsftp_user/conf/user4) and that would seem to be a help, but I need to do it as simply as possible so someone using Webmin could do this and not have to SSH in and mess with files at a low level.

My config file so far is pasted below. If anything related OR unrelated to the user levels needs to be added, changed, or deleted then please let me know.

ftpd_banner=Welcome to our FTP server.
#enable for standalone mode
#When enabled, ASCII mode data transfers will be honoured on downloads.
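The tiered layout sketched above (jailed users under one parent directory, one shared group, a "see the whole group tree" user and a "see all of /home" user, plus an admin exempt from the chroot) can be rendered into the vsftpd pieces it needs from a small roster. The script below is an added example, not code from the thread or from the vsftpd project: the paths /home and /home/lowlevelusers, the group name lowlevelusers, the roster format "user:tier" and the tier names jailed/group/all/admin are assumptions chosen here. The directives it emits (chroot_local_user, chroot_list_enable, chroot_list_file, user_config_dir, local_root) are real vsftpd options; user_config_dir lets user4 keep a normal home while the per-user file points the FTP session at /home/lowlevelusers, so no home directory has to move.

```shell
#!/bin/sh
# Added example (not from the original thread): render the vsftpd pieces
# for the tiered layout the question proposes.  Roster lines are
# "user:tier" with tiers jailed | group | all | admin.  Paths, group name
# and tier names are assumptions chosen here, not vsftpd defaults.

FTP_ROOT=/home                      # assumed top of the FTP tree
LOW_DIR=$FTP_ROOT/lowlevelusers     # assumed parent of the jailed users' homes
LOW_GROUP=lowlevelusers             # assumed group shared by jailed users, user4 and user5

# Directory an FTP session is confined to, by tier (admin is not chrooted at all).
local_root_for() {   # local_root_for TIER USER
    case $1 in
        jailed) printf '%s/%s\n' "$LOW_DIR" "$2" ;;
        group)  printf '%s\n' "$LOW_DIR" ;;
        all)    printf '%s\n' "$FTP_ROOT" ;;
        admin)  printf '/\n' ;;
        *)      return 1 ;;
    esac
}

# Main-config directives the layout relies on.  chroot_local_user=YES jails
# everyone; chroot_list_file then names the exceptions (the admin tier).
render_main_conf() {   # render_main_conf CONFDIR
    cat <<EOF
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=007
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=$1/chroot_list
user_config_dir=$1/user_conf
EOF
}

# Ownership/mode commands a root shell would run (printed, not executed).
# Jailed users own their directory; user4/user5 reach it through the group.
render_fs_plan() {   # render_fs_plan USER TIER
    case $2 in
        jailed)    printf 'install -d -o %s -g %s -m 2770 %s/%s\n' "$1" "$LOW_GROUP" "$LOW_DIR" "$1" ;;
        group|all) printf 'usermod -a -G %s %s\n' "$LOW_GROUP" "$1" ;;
        admin)     printf '# %s: no FTP tree changes, chroot exemption only\n' "$1" ;;
    esac
}

# Read "user:tier" lines from stdin; write vsftpd.conf, chroot_list and the
# per-user files under CONFDIR; print the filesystem plan to stdout.
build() {   # build CONFDIR < roster
    out=$1
    mkdir -p "$out/user_conf" || return 1
    : > "$out/chroot_list"
    render_main_conf "$out" > "$out/vsftpd.conf"
    while IFS=: read -r user tier; do
        case $user in ''|'#'*) continue ;; esac
        root=$(local_root_for "$tier" "$user") || { echo "unknown tier '$tier' for $user" >&2; return 1; }
        case $tier in
            admin)  echo "$user" >> "$out/chroot_list" ;;
            jailed) ;;   # no per-user file: vsftpd's default local_root is the home dir
            *)      printf 'local_root=%s\n' "$root" > "$out/user_conf/$user" ;;
        esac
        render_fs_plan "$user" "$tier"
    done
}

# Constructed roster matching the question's user1..user5 plus an admin.
demo() {
    out=$(mktemp -d) || return 1
    build "$out" <<EOF
# user:tier
user1:jailed
user2:jailed
user3:jailed
user4:group
user5:all
dlwynne:admin
EOF
    echo "config written under $out"
}

case ${1:-} in demo) demo ;; esac   # run as: sh tiers.sh demo
```

Two things to check before copying the generated files into place. A jailed user whose chroot root is their own writable home is refused by vsftpd 2.3.5 and later ("refusing to run with writable root inside chroot()"); on those versions either set allow_writeable_chroot=YES (vsftpd 3.0 and later) or keep the home root-owned and give the user a writable sub-folder. And the per-user files only change where the session lands; whether user4 can delete or rename inside user1's folder is still decided by the filesystem, which is why the plan makes each jailed directory group-owned by lowlevelusers with the setgid bit, so new files stay reachable by the group.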

dlwynne replied:
Thanks for the reply, omarfarid.

I had already found that thread before I posted and if you look in my config file I posted I already have:

set in the config. I knew to jail users using the chroot and to allow some out of "jail" with the list.  

I am looking for the best way to configure the system to do what I want and also a critique of my config file. For example, I have listen set to YES and there seems to be some discussion about whether that is a good option to have on or not.
