Hi, I am new to this forum so "hello everybody". I was wondering if I could get some FTP advice. I am configuring VS-FTP on RHEL 4 and have hit a stumbling block with the config. Basically I have a list of folders and have created Linux users, each pointing to a certain one of these folders as its home directory based upon relevance. I have applied the chroot_local_user option to ensure that users do not browse outside of their home directory. This is for two reasons: 1) security and 2) they need to pay a fee for access to other directories. This is simple enough; however, I need to be able to give some users access to multiple directories, which is prohibited by chroot_local_user. Is there a way I can create a symlink based on user account that allows access to other dirs and displays a link? Previously we have used Bullet Proof on a Windows box, which does allow for this config. Any ideas or suggestions would be great, or even a better product than VS-FTP, which is pretty much what you get nowadays with RedHat Linux. Many thanks - Johan
Take a look here: http://vsftpd.beasts.org/vsftpd_conf.html I think the solution is to use a combination of chroot_list_enable and chroot_local_user.
Thanks for that, I did think of that but this then takes me back to security. If I remove certain users from the chroot jail I need to prevent them accessing certain directories such as /etc. I know it is a swear word in these parts but I could do that in seconds on a Windows Server - any tips doing that on Linux? I created a group called nochrootjail but the file system permissions are not (in my limited experience) as granular as NTFS.
I thought of setting the home dirs to the root of the ftp directory rather than individual dirs within. Then place all users in a chroot jail. Then create a group for each directory, then apply no access to "others" and control access this way. This also prevents users gaining access to / and /etc - et cetera. This is really clumsy compared to Bulletproof FTP on Windows but it works and I would rather have a public facing Linux Server than a public facing Windows Server. Before I apply this, has anyone got any other pearls for me? Thanks to everyone that viewed this thread and thanks for your input Falko.
Just to let you know that I have solved the issue. It is simple really but nevertheless took some thought. I place all FTP users in a chroot jail without exception; however, I use the mount --bind command to have file system structures appear in multiple places. Users do not require write access so that's good enough. If you're banging your head against the wall - I hope this has helped you.
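
The approach from the last post, as an added example that is not part of the thread: every user stays chrooted (chroot_local_user=YES) and each extra folder is bind-mounted into that user's home, since a symlink pointing outside the jail cannot be resolved from inside it. The paths /srv/ftp and /home, the user names and the grants list are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: plan and apply per-user bind mounts for chrooted FTP users.
FTP_ROOT=/srv/ftp   # assumed: the shared folders live here
HOME_ROOT=/home     # assumed: each user's chroot is $HOME_ROOT/<user>

# Constructed sample grants, one "<user>:<folder under FTP_ROOT>" per line.
SAMPLE_GRANTS='alice:reports
alice:archive
bob:reports
mallory:../etc'

# Accept only a single path component, so a grant cannot reach
# outside FTP_ROOT or outside the user's home.
valid_name() {
    case "$1" in
        ''|.|..|*/*) return 1 ;;
        *) return 0 ;;
    esac
}

# Read grants on stdin, print one /etc/fstab line per valid grant.
plan_fstab() {
    while IFS=: read -r user folder; do
        [ -n "$user" ] || continue
        if ! valid_name "$user" || ! valid_name "$folder"; then
            echo "skipped unsafe grant: $user:$folder" >&2
            continue
        fi
        printf '%s %s none bind 0 0\n' \
            "$FTP_ROOT/$folder" "$HOME_ROOT/$user/$folder"
    done
}

# Read grants on stdin and mount them now (needs root). The bind mount
# exposes the source's own ownership and modes, so keep the shared
# folders non-writable for FTP users, as the post assumes.
apply_grants() {
    plan_fstab | while read -r src dst rest; do
        mkdir -p "$dst"
        grep -qs " $dst " /proc/mounts || mount --bind "$src" "$dst"
    done
}

# "sh thisfile apply" mounts the sample grants; otherwise nothing runs.
if [ "${1:-}" = "apply" ]; then
    printf '%s\n' "$SAMPLE_GRANTS" | apply_grants
fi
```

Appending the output of plan_fstab to /etc/fstab makes the mounts persist across reboots.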