[Trilug-ontopic] VSFTPD configuration question
Richard O. Hammer
rhammer at FastMail.fm
Wed Jun 30 18:35:29 EDT 2010
I'm trying to set up VSFTPD on CentOS5 with a specific set of permissions,
listed below. Can anyone tell me how to do this?
<FTP service goals>
1. No anonymous access. Access allowed only for local users who log in with
2. Whenever anyone logs into the FTP site they are placed initially in the
public FTP directory, /var/ftp/.
3. Our staff (each with their own local user name) will be able to write files
into /var/ftp/, and also be able to cd out of /var/ftp/ to anywhere else on the
server where their permissions allow.
4. We will have one local user name (and password) for people outside our
company who may need to access our ftp site to get files we have placed there.
This one user will not be able to cd out of /var/ftp/, and will not have write
permission in that directory either.
</FTP service goals>
I've been trying to set the configuration options in a number of different ways.
From reading the man page for vsftpd.conf
<http://vsftpd.beasts.org/vsftpd_conf.html> it is easy for me to believe that I
should be able to set these parameters [chroot_list_enable, chroot_local_user,
chroot_list_file, passwd_chroot_enable, local_root] in some combination to get
what I need. But I have not yet found a combination that works. The
chroot_list always seems to be ignored in every combination I've tried.
Below you can see the present state of my configuration file.
Thanks for any suggestions,
# Uncomment this to allow local users to log in.
# Uncomment this to enable any form of FTP write command.
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
# Activate logging of uploads/downloads.
# Make sure PORT transfer connections originate from port 20 (ftp-data).
# If you want, you can have your log file in standard ftpd xferlog format
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#The following line added 1/28/10 ROH, out again 6/10
#The following lines added 6/10 ROH
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# (default follows)
#"pam_service_name", seems necessary for login to work, 6/30/10, RH
#enable for standalone mode
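
Added example, not part of the original message: a Python model of the chroot rule quoted in the configuration comments above (the list inverts when chroot_local_user is YES), plus a check for whitespace around "=", which vsftpd.conf(5) treats as an error. The account names, the chroot list path and the sample configuration are constructed for illustration.

```python
# Added example: models the chroot rules documented in vsftpd.conf(5).
# The config text and user names below are constructed sample input.

def parse_conf(text):
    """Return (options, problems) for vsftpd.conf-style text."""
    options, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            problems.append((n, "no '=' in directive"))
        elif key != key.strip() or value != value.strip():
            # vsftpd.conf(5): no space is allowed between option, '=' and value
            problems.append((n, "whitespace around option, '=' or value"))
        else:
            options[key] = value
    return options, problems

def is_yes(options, name):
    # Both options consulted here default to NO when absent.
    return options.get(name, "NO").upper() == "YES"

def jailed_users(options, chroot_list, users):
    """Map each local user to True if vsftpd would chroot() that login."""
    default_jail = is_yes(options, "chroot_local_user")
    listed = set(chroot_list) if is_yes(options, "chroot_list_enable") else set()
    # A listed user gets the opposite of the default: with chroot_local_user=NO
    # the list names users to jail; with YES it names users to leave unjailed.
    return {u: (not default_jail) if u in listed else default_jail for u in users}

SAMPLE_CONF = """\
local_enable=YES
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
local_root=/var/ftp
"""
SAMPLE_LIST = ["outside"]                   # hypothetical shared outside account
SAMPLE_USERS = ["alice", "bob", "outside"]  # hypothetical local accounts

if __name__ == "__main__":
    opts, problems = parse_conf(SAMPLE_CONF)
    print("problems:", problems)
    print("jailed:", jailed_users(opts, SAMPLE_LIST, SAMPLE_USERS))
```
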