Restricting ftp users to html directory

Hi
Is there a way to set up new and existing SiteWorx accounts so that when FTP is used they are restricted to the html directory? A surprising amount of users do not know what they are doing and end up either uploading to the wrong directory or deleting all the files in root.

Thank you

Hi Bear

Good question, and I believe this can be achieved by adding additional lines in the FTP config.

I am not sure of the exact lines, but I changed ours to not allow executable files such as .exe or .com etc. to be uploaded, or to have a file already in their FTP folders renamed as executable.

Many thanks

John

I will have a search and find out, thank you

Hi Bear

I think the following may help you

Many thanks

John

The syntax for the DefaultRoot directive is:

DefaultRoot DIRECTORY USER(S)

You can make DefaultRoot entries at the bottom of the proftpd.conf file.

Example 1: To restrict the user ‘myname’ to their home directory, you would make the following addition to the proftpd.conf file:

DefaultRoot ~ myname

The ~ represents the home directory of any user, so this would restrict the user myname to their home directory when in FTP.

Example 2: To restrict the user myname to a vhost directory, the following entry could be made:

DefaultRoot /home/unixname/domain.url/html/ myname

You need to restart ProFTP after making changes.

Sorry I missed your comment John, thank you for the information.

It seems quite easy to restrict individuals to a directory, but I could not find a way to restrict all users of the server to the html directory without listing every user in the proftpd.conf.

Method 1: Changing the user’s home directory
Make sure the following line exists:

chroot_local_user=YES

Set the user’s HOME directory to /var/www/. If you want to change it for an existing user, you can use:

usermod --home /var/www/ username

Then set the required permissions on /var/www/.

Method 2: Use user_sub_token
If you don’t want to change the user’s home directory, then you can use:

chroot_local_user=YES
local_root=/ftphome/$USER
user_sub_token=$USER

About user_sub_token:
Automatically generate a home directory for each virtual user, based on a template. For example, if the home directory of the real user specified via guest_username is /ftphome/$USER, and user_sub_token is set to $USER, then when virtual user test logs in, he will end up (usually chroot()'ed) in the directory /ftphome/test. This option also takes effect if local_root contains user_sub_token.

Create the directories and set up permissions:

mkdir -p /ftphome/{test,user1,user2}
chmod 770 -R /ftphome
chown -R ftp: /ftphome
# -a appends to the user's existing supplementary groups instead of replacing them
usermod -a -G ftp test

Once done, restart vsftpd and test your setup.

Sample success output:

[[email protected] tmp]# ftp localhost
Connected to mail.linuxian.local.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (localhost:root): test
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> mput vhosts
mput vhosts?
227 Entering Passive Mode (127,0,0,1,146,41)
150 Ok to send data.
226 File receive OK.
24 bytes sent in 3.3e-05 seconds (7.1e+02 Kbytes/s)
ftp> ls -rlt
227 Entering Passive Mode (127,0,0,1,97,90)
150 Here comes the directory listing.
-rw-r--r-- 1 787 787 24 Oct 11 19:57 vhosts
226 Directory send OK.
ftp> 221 Goodbye.
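
A way to check the "Method 2" settings before restarting vsftpd, as an added example that is not part of the thread: the script reads a vsftpd.conf and prints the directory a given user would be confined to, or says why the config does not confine them. The function names conf_get and effective_root and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report where vsftpd would confine a user
# under the "Method 2" settings, and flag configs that do not confine them.

# Print the value of KEY in a vsftpd.conf (key=value, no spaces around "=").
# Assumption: if a key appears twice, the later line is the one in force.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Print the chroot directory for USER, or explain on stderr and return 1.
effective_root() {
    conf=$1; user=$2
    if [ "$(conf_get "$conf" chroot_local_user)" != "YES" ]; then
        echo "chroot_local_user is not YES: local users are not jailed" >&2
        return 1
    fi
    # With chroot_local_user=YES, the chroot list names users who are NOT jailed.
    if [ "$(conf_get "$conf" chroot_list_enable)" = "YES" ]; then
        echo "chroot_list_enable=YES: check chroot_list_file for exempt users" >&2
        return 1
    fi
    root=$(conf_get "$conf" local_root)
    token=$(conf_get "$conf" user_sub_token)
    if [ -z "$root" ]; then
        echo "local_root unset: the jail is the account's home directory" >&2
        return 1
    fi
    case $user in  # helper's own guard: such names would leave the template path
        ''|.|..|*/*) echo "unsafe user name: $user" >&2; return 1 ;;
    esac
    [ -n "$token" ] || { printf '%s\n' "$root"; return 0; }
    # Literal (non-regex) replacement of every token occurrence with the name.
    printf '%s\n' "$root" | awk -v t="$token" -v u="$user" '{
        out = ""
        while ((i = index($0, t)) > 0) {
            out = out substr($0, 1, i - 1) u
            $0 = substr($0, i + length(t))
        }
        print out $0
    }'
}

# Constructed sample config mirroring the settings quoted in the post above.
sample_conf=$(mktemp)
printf '%s\n' '# constructed sample' 'chroot_local_user=YES' \
    'local_root=/ftphome/$USER' 'user_sub_token=$USER' > "$sample_conf"
effective_root "$sample_conf" test    # prints /ftphome/test
```

Point it at the real config, for example `effective_root /etc/vsftpd/vsftpd.conf someuser`; the config path varies by distribution.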