Solved

vsftpd - Virtual users and directory access

Posted on 2010-08-12
5
702 Views
Last Modified: 2013-11-29
i have set up vsftpd with TLS/SSL access and virtual users from this site: http://www.cyberciti.biz/tips/rhel-fedora-centos-vsftpd-installation.html

Everything works great setting my local_root=/var/www/html , no problems logging in access directories, but i do not wish for everyone to be able to access all sub directories in that root directory.

I have also read over the guide on this site: http://howto.gumph.org/content/setup-virtual-users-and-directories-in-vsftpd/

How ever  i can  not seem to get it to work how i want.

Details:

I have users:

A
B
C

I have directories in my

/var/www/html/

------------------------www
------------------------reporting
------------------------admin

I want user A to have access to www
I want user B to have access to reporting
I want user C to have access to admin

each of those directories should be the root for each user, eventually user A will also get access to the /reporting/ folder, but not for currently.

The guide above only seem to show how to give each user their own user account directory to which you then need to mkdir for each user somewhere which i don't want to do, and don't think i need to do for what i want?

Can anyone help me with this and setting the directory access for each user, since they are not local users under CentOS i dont think i can use the symlinks method...not that i know how either though.
Here is my vsftpd.conf file


anonymous_enable=NO
local_enable=YES
virtual_use_local_privs=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=NO
log_ftp_protocol=YES
connect_from_port_20=YES
xferlog_std_format=YES
banner_file=/etc/vsftpd/issue
listen=YES
pam_service_name=vsftpd.virtual
guest_enable=YES
userlist_enable=YES
tcp_wrappers=YES
user_sub_token=$USER
local_root=/var/www/html
chroot_local_user=YES
hide_ids=YES
ssl_enable=YES
allow_anon_ssl=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
pasv_address=*.*.*.*
pasv_enable=Yes
pasv_max_port=*****
pasv_min_port=*****

Open in new window

0
Comment
Question by:Mathiau
  • 3
  • 2
5 Comments
 
LVL 7

Accepted Solution

by:
jhp333 earned 500 total points
Comment Utility
First, add the following line to the /etc/vsftpd.conf file
 user_config_dir=/var/www/users

Create a user config file for each user, /var/www/users/user_name with the single line
local_root=/var/www/html/user_dir

For your example,

file /var/www/users/A has:
local_root=/var/www/html/www

file /var/www/users/B has:
local_root=/var/www/html/reporting

file /var/www/users/C has:
local_root=/var/www/html/admin
0
 
LVL 2

Author Comment

by:Mathiau
Comment Utility
So it is using the user_config_dir, i had read some on that but wasnt sure if it was exactly what i had needed.

Will try this out, much appreciated!
0
 
LVL 2

Author Comment

by:Mathiau
Comment Utility
You my friend are awesome, i wonder why all the sites with guides don't provide such simple information like that.

One more question..

If i want someone to have access to more then 2 directories?
0
 
LVL 7

Assisted Solution

by:jhp333
jhp333 earned 500 total points
Comment Utility
I guess you can try it with symbolic links:

mkdir /var/www/html/forD
cd /var/www/html/forD
ln -s ../www
ln -s ../reporting
echo "local_root=/var/www/html/forD" > /var/www/users/D

Now user D has access to both www and reporting, I hope.
0
 
LVL 2

Author Comment

by:Mathiau
Comment Utility
Will give it a shot, your 1 for 1 so far :D
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now