luser9999
asked on
VSFTPD - restrict local users to access their home directories only
Hi Team,
We use RHEL 5 and 6 servers and we installed vsftpd for secure access for our users to upload and download files. We have a specific requirement here;
We create individual Shell accounts for each customer who wants to upload their files to our servers. lets say customer1 created with home directory (/home/customer1). I noticed with VSFTP configuration, this customer can upload files to /home/customer1 and also was able to browse other folders on the system (ex, /opt, /root). The customer can also download files from /opt folder where we have some confidential files stored in.
IS there any configuration that you suggest so that individual user can only locked down to their home folders only. They should not access any folders on the server other than to their home directories (/home/<customer1>, <customer2>)
Can you please shed some light on this?
Thanks
We use RHEL 5 and 6 servers and we installed vsftpd for secure access for our users to upload and download files. We have a specific requirement here;
We create individual Shell accounts for each customer who wants to upload their files to our servers. lets say customer1 created with home directory (/home/customer1). I noticed with VSFTP configuration, this customer can upload files to /home/customer1 and also was able to browse other folders on the system (ex, /opt, /root). The customer can also download files from /opt folder where we have some confidential files stored in.
IS there any configuration that you suggest so that individual user can only locked down to their home folders only. They should not access any folders on the server other than to their home directories (/home/<customer1>, <customer2>)
Can you please shed some light on this?
Thanks
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.