VSFTPD - restrict local users to access their home directories only

Posted on 2012-08-25
Last Modified: 2012-11-11
Hi Team,

We use RHEL 5 and 6 servers and we installed vsftpd for secure access for our users to upload and download files. We have a specific requirement here:

We create individual shell accounts for each customer who wants to upload their files to our servers. Let's say customer1 is created with home directory (/home/customer1). I noticed with VSFTP configuration, this customer can upload files to /home/customer1 and was also able to browse other folders on the system (e.g., /opt, /root). The customer can also download files from the /opt folder, where we have some confidential files stored.

Is there any configuration that you suggest so that individual users are locked down to their home folders only? They should not access any folders on the server other than their home directories (/home/<customer1>, <customer2>).


Can you please shed some light on this?
Thanks
Question by:luser9999
Assisted Solution

by:omarfarid
omarfarid earned 750 total points
ID: 38332618
Accepted Solution

by:
madunix earned 750 total points
ID: 38333597
Check the following:
http://beginlinux.com/server_training/ftp-server/1273-ftp-basic-set-up
http://beginlinux.com/server_training/ftp-server/1275-ftp-chroot-local-user

Here is my config file. Each user is locked into his folder listed in the /etc/passwd file.

ftpd_banner=Welcome!!
listen=YES
pam_service_name=vsftpd
anonymous_enable=NO
local_enable=YES
session_support=NO
write_enable=YES
chroot_local_user=YES

#supposed default settings added for security and other redhat settings
userlist_deny=YES
userlist_enable=YES
#userlist_file defaults to /etc/vsftpd.user_list upstream; Red Hat packages use /etc/vsftpd/user_list
local_umask=022
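
A way to check the outcome of the settings above, as an added example that is not part of either answer and is not vsftpd's own code: it reads vsftpd.conf text and reports which local accounts would still log in without a chroot jail, including the case where chroot_list_enable inverts the meaning of the list. The account names, the sample config strings and the chroot_list parameter (standing in for the contents of chroot_list_file) are constructed for illustration.

```python
# Added example (not from the thread): which local accounts would vsftpd leave
# outside a chroot jail, given the text of a vsftpd.conf?
# Upstream defaults for the three options this check depends on.
DEFAULTS = {"local_enable": "NO", "chroot_local_user": "NO", "chroot_list_enable": "NO"}

def parse_conf(text):
    """Parse option=value lines; '#' starts a comment line, later lines win."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts

def enabled(opts, key):
    # vsftpd accepts YES/TRUE/1 (any case) for boolean options.
    return opts.get(key, DEFAULTS[key]).upper() in ("YES", "TRUE", "1")

def unconfined_users(conf_text, accounts, chroot_list=()):
    """Return the accounts that can log in over FTP without being jailed.

    chroot_list is a hypothetical stand-in for the contents of chroot_list_file.
    """
    opts = parse_conf(conf_text)
    if not enabled(opts, "local_enable"):
        return []                      # local accounts cannot log in at all
    listed = set(chroot_list) if enabled(opts, "chroot_list_enable") else set()
    if enabled(opts, "chroot_local_user"):
        # Everyone is jailed; an enabled chroot list names the exceptions.
        return sorted(u for u in accounts if u in listed)
    # Nobody is jailed by default; an enabled chroot list names the jailed users.
    return sorted(u for u in accounts if u not in listed)

# Constructed inputs: account names follow the question's customer1/customer2.
ACCOUNTS = ["customer1", "customer2"]
ANSWER_CONF = "local_enable=YES\nwrite_enable=YES\nchroot_local_user=YES\n"
NO_JAIL_CONF = "local_enable=YES\nwrite_enable=YES\n"
LIST_CONF = ANSWER_CONF + "chroot_list_enable=YES\n"

if __name__ == "__main__":
    print(unconfined_users(ANSWER_CONF, ACCOUNTS))               # answer's settings
    print(unconfined_users(NO_JAIL_CONF, ACCOUNTS))              # the question's symptom
    print(unconfined_users(LIST_CONF, ACCOUNTS, ["customer2"]))  # list as exemptions
```
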