Solved

vsftpd - Virtual users and directory access

Posted on 2010-08-12
5
715 Views
Last Modified: 2013-11-29
i have set up vsftpd with TLS/SSL access and virtual users from this site: http://www.cyberciti.biz/tips/rhel-fedora-centos-vsftpd-installation.html

Everything works great setting my local_root=/var/www/html , no problems logging in access directories, but i do not wish for everyone to be able to access all sub directories in that root directory.

I have also read over the guide on this site: http://howto.gumph.org/content/setup-virtual-users-and-directories-in-vsftpd/

How ever  i can  not seem to get it to work how i want.

Details:

I have users:

A
B
C

I have directories in my

/var/www/html/

------------------------www
------------------------reporting
------------------------admin

I want user A to have access to www
I want user B to have access to reporting
I want user C to have access to admin

each of those directories should be the root for each user, eventually user A will also get access to the /reporting/ folder, but not for currently.

The guide above only seem to show how to give each user their own user account directory to which you then need to mkdir for each user somewhere which i don't want to do, and don't think i need to do for what i want?

Can anyone help me with this and setting the directory access for each user, since they are not local users under CentOS i dont think i can use the symlinks method...not that i know how either though.
Here is my vsftpd.conf file


anonymous_enable=NO
local_enable=YES
virtual_use_local_privs=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=NO
log_ftp_protocol=YES
connect_from_port_20=YES
xferlog_std_format=YES
banner_file=/etc/vsftpd/issue
listen=YES
pam_service_name=vsftpd.virtual
guest_enable=YES
userlist_enable=YES
tcp_wrappers=YES
user_sub_token=$USER
local_root=/var/www/html
chroot_local_user=YES
hide_ids=YES
ssl_enable=YES
allow_anon_ssl=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
pasv_address=*.*.*.*
pasv_enable=Yes
pasv_max_port=*****
pasv_min_port=*****

Open in new window

0
Comment
Question by:Mathiau
  • 3
  • 2
5 Comments
 
LVL 7

Accepted Solution

by:
jhp333 earned 500 total points
ID: 33425265
First, add the following line to the /etc/vsftpd.conf file
 user_config_dir=/var/www/users

Create a user config file for each user, /var/www/users/user_name with the single line
local_root=/var/www/html/user_dir

For your example,

file /var/www/users/A has:
local_root=/var/www/html/www

file /var/www/users/B has:
local_root=/var/www/html/reporting

file /var/www/users/C has:
local_root=/var/www/html/admin
0
 
LVL 2

Author Comment

by:Mathiau
ID: 33425274
So it is using the user_config_dir, i had read some on that but wasnt sure if it was exactly what i had needed.

Will try this out, much appreciated!
0
 
LVL 2

Author Comment

by:Mathiau
ID: 33425309
You my friend are awesome, i wonder why all the sites with guides don't provide such simple information like that.

One more question..

If i want someone to have access to more then 2 directories?
0
 
LVL 7

Assisted Solution

by:jhp333
jhp333 earned 500 total points
ID: 33425533
I guess you can try it with symbolic links:

mkdir /var/www/html/forD
cd /var/www/html/forD
ln -s ../www
ln -s ../reporting
echo "local_root=/var/www/html/forD" > /var/www/users/D

Now user D has access to both www and reporting, I hope.
0
 
LVL 2

Author Comment

by:Mathiau
ID: 33425572
Will give it a shot, your 1 for 1 so far :D
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Please see preceding article here: http://www.experts-exchange.com/Networking/Operating_Systems/A_11209-Root-Bridge-Election.html Figure 1 After Root Bridge has been elected, then what?..... Let's start by defining a Root Port in la…
I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.

813 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now