[thelist] unix acl help
Robert O'Rourke
rob at sanchothefat.com
Thu Dec 20 12:49:27 CST 2007
David Menzel wrote:
> What you describe wanting is exactly what chroot is supposed to do. You
> stated that you believe this is set up already, but please check your
> settings on this again. To quote from a previous respondent:
>
> - Adding regular users to vsftpd.chroot_list should prevent them from
> leaving their home directory, e.g., /home/username.
>
>
>
This is essentially what I have, with everything else under /etc/vsftpd
untouched:

/etc/passwd:

    username:x:1009:1013::/home/ftp/./username:/sbin/nologin

/etc/group:

    ftp-users:x:1013:apache,username

/etc/vsftpd/vsftpd.conf:

    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    local_umask=022
    connect_from_port_20=YES
    nopriv_user=ftp
    chroot_local_user=YES
    chroot_list_enable=YES
    chroot_list_file=/etc/vsftpd/chroot_list
    pam_service_name=vsftpd
    userlist_enable=YES
    listen=YES
    tcp_wrappers=NO

/etc/vsftpd/chroot_list:

    username

One (possibly groan-inducing) thing that may be messing with it is that
in their home directory I've symlinked to another file in another
directory (/home/websites) with the right permissions where each
website's static files are stored, e.g. images/pdfs/exes. Would reversing
the symlink so that the files are in /home/ftp/username stop them from
being able to list directories outside of their home directory?

Sorry, I don't use unix very often, it's just the guy who normally does
this stuff is on holiday...

Thanks for your help,
Rob
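
Added example (not part of the original message or of vsftpd itself): a small check of which users vsftpd will jail for a given combination of chroot_local_user, chroot_list_enable and chroot_list contents. Per the vsftpd.conf man page, when chroot_local_user=YES the chroot_list becomes the list of users who are NOT placed in a chroot() jail. The function names are hypothetical and the sample input is constructed from the settings posted above.

```python
# Added example: evaluate vsftpd's chroot decision for local users.
# Constructed sample: the chroot-related lines from the posted vsftpd.conf.
SAMPLE_CONF = """\
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
"""
SAMPLE_LIST = "username\n"  # constructed: the posted chroot_list contents


def parse_conf(text):
    """Parse vsftpd.conf text (key=value lines, '#' comments) into a dict."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key] = value
    return opts


def is_yes(opts, key):
    """vsftpd booleans: YES/TRUE/1 enable; both chroot options default to NO."""
    return opts.get(key, "NO").upper() in ("YES", "TRUE", "1")


def is_chrooted(opts, listed_users, user):
    """Return True if vsftpd would chroot() this local user at login."""
    jail_all = is_yes(opts, "chroot_local_user")
    if not is_yes(opts, "chroot_list_enable"):
        return jail_all  # no list in play: everyone or no one is jailed
    listed = user in listed_users
    # chroot_local_user=YES inverts the list: listed users are the exceptions.
    return (not listed) if jail_all else listed


def audit(conf_text, list_text, users):
    """Map each user name to True (jailed) or False (not jailed)."""
    opts = parse_conf(conf_text)
    listed = {ln.strip() for ln in list_text.splitlines() if ln.strip()}
    return {u: is_chrooted(opts, listed, u) for u in users}


if __name__ == "__main__":
    for name, jailed in audit(SAMPLE_CONF, SAMPLE_LIST, ["username", "other"]).items():
        print(f"{name}: {'chrooted' if jailed else 'NOT chrooted'}")
```

To audit a live server, pass the contents of /etc/vsftpd/vsftpd.conf and of the file named by chroot_list_file in place of the constructed samples.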