?
Solved

vsftpd - Virtual users and directory access

Posted on 2010-08-12
5
Medium Priority
?
725 Views
Last Modified: 2013-11-29
i have set up vsftpd with TLS/SSL access and virtual users from this site: http://www.cyberciti.biz/tips/rhel-fedora-centos-vsftpd-installation.html

Everything works great setting my local_root=/var/www/html , no problems logging in access directories, but i do not wish for everyone to be able to access all sub directories in that root directory.

I have also read over the guide on this site: http://howto.gumph.org/content/setup-virtual-users-and-directories-in-vsftpd/

How ever  i can  not seem to get it to work how i want.

Details:

I have users:

A
B
C

I have directories in my

/var/www/html/

------------------------www
------------------------reporting
------------------------admin

I want user A to have access to www
I want user B to have access to reporting
I want user C to have access to admin

each of those directories should be the root for each user, eventually user A will also get access to the /reporting/ folder, but not for currently.

The guide above only seem to show how to give each user their own user account directory to which you then need to mkdir for each user somewhere which i don't want to do, and don't think i need to do for what i want?

Can anyone help me with this and setting the directory access for each user, since they are not local users under CentOS i dont think i can use the symlinks method...not that i know how either though.
Here is my vsftpd.conf file


anonymous_enable=NO
local_enable=YES
virtual_use_local_privs=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=NO
log_ftp_protocol=YES
connect_from_port_20=YES
xferlog_std_format=YES
banner_file=/etc/vsftpd/issue
listen=YES
pam_service_name=vsftpd.virtual
guest_enable=YES
userlist_enable=YES
tcp_wrappers=YES
user_sub_token=$USER
local_root=/var/www/html
chroot_local_user=YES
hide_ids=YES
ssl_enable=YES
allow_anon_ssl=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
pasv_address=*.*.*.*
pasv_enable=Yes
pasv_max_port=*****
pasv_min_port=*****

Open in new window

0
Comment
Question by:Mathiau
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
5 Comments
 
LVL 7

Accepted Solution

by:
jhp333 earned 2000 total points
ID: 33425265
First, add the following line to the /etc/vsftpd.conf file
 user_config_dir=/var/www/users

Create a user config file for each user, /var/www/users/user_name with the single line
local_root=/var/www/html/user_dir

For your example,

file /var/www/users/A has:
local_root=/var/www/html/www

file /var/www/users/B has:
local_root=/var/www/html/reporting

file /var/www/users/C has:
local_root=/var/www/html/admin
0
 
LVL 2

Author Comment

by:Mathiau
ID: 33425274
So it is using the user_config_dir, i had read some on that but wasnt sure if it was exactly what i had needed.

Will try this out, much appreciated!
0
 
LVL 2

Author Comment

by:Mathiau
ID: 33425309
You my friend are awesome, i wonder why all the sites with guides don't provide such simple information like that.

One more question..

If i want someone to have access to more then 2 directories?
0
 
LVL 7

Assisted Solution

by:jhp333
jhp333 earned 2000 total points
ID: 33425533
I guess you can try it with symbolic links:

mkdir /var/www/html/forD
cd /var/www/html/forD
ln -s ../www
ln -s ../reporting
echo "local_root=/var/www/html/forD" > /var/www/users/D

Now user D has access to both www and reporting, I hope.
0
 
LVL 2

Author Comment

by:Mathiau
ID: 33425572
Will give it a shot, your 1 for 1 so far :D
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

SSL is a very common protocol used these days when browsing the web.  The purpose is to provide security to communication, but how does it do it?  There are several pieces at work that have to be setup before SSL will even work and it requires both …
In part one, we reviewed the prerequisites required for installing SQL Server vNext. In this part we will explore how to install Microsoft's SQL Server on Ubuntu 16.04.
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses
Course of the Month14 days, 9 hours left to enroll

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question