Control access to folder both from ssh and ftp.

[newbie14]

Dear All,
I would like to create new user where there can both ftp and also ssh to my server. The problem when they login either via ssh or ftp I just want them to be able to see only particular folder and not other folder. How can I control that? Thank you.

[gazolinia]

Hi,

To be frank I am not much sure on this . There will be a hook to ftpd to authenticate the user, may be little playing around this hook you will be able to control the users previlege.

For SSHed restriction you need to work much on fine grained ACL's (Access control list). At extreme case there are some third party tools like selinux, grsecurity using which you can satisfy your needs. To be frank my suggestions are just an idea not a perfect one.

Thanks,
Jai

[unspawn]

- A FTP daemon like Vsftpd comes with extensive documentation. Grep it for the term' chroot' and you'll even find xamples on how to set up a confined user account. On top of that Vsftpd allows for virtual user accounts so you don't have to allow them a regular account and login as well.
- OpenSSH since 4.9p1 (or 5.2?) has chroot functionality built in. See 'man 5 sshd_config' for the "ChrootDirectory" option.
- If by SSH you mean a "FTP-like SSH equivalent" see restricted shells like 'scponly' with which you can confine a user to only use SCP or SFTP (not to be confused with secure FTP aka FTPS) so the user can not log in interactively or execute commands remotely.

[newbie14]

Dear All,
I am using centos 5.5. So meaning I must first install Vsftpd is it? So any other fine tutorial for me to follow as I am very new into this. Thank you.

[unspawn]

Yes, to use software you have to install it. Being new to this is not the problem but not being able to read will be. Just run 'yum install vsftpd' (vsftpd-2.0.5 being current as far as I know) then read the documentation in /usr/share/doc/vsftpd-2.0.5 and see the examples in /usr/share/doc/vsftpd-2.0.5/EXAMPLE. After that make a backup of your /etc/vsftpd/vsftpd.conf for later reference, modify it from what you've read and try it. Also see Red Hat / CentOS VSFTPD FTP Server Configuration.

[newbie14]

Dear unspawn,
I have install it. So I have gone to my /usr/share/doc/vsftpd-2.0.5 folder. So which file your want me to read is it the README. So how activate it? Then once any of my user would want to ftp will have to pass through this software is it? Thank you.

[unspawn]

So I have gone to my /usr/share/doc/vsftpd-2.0.5 folder. So which file your want me to read is it the README.

I do not want you to read anything. You must want to read it yourself to understand what you will be using. So. Did you read all of /usr/share/doc/vsftpd-2.0.5 and some of the examples in /usr/share/doc/vsftpd-2.0.5/EXAMPLE?

So how activate it?

Did you make a backup of your /etc/vsftpd/vsftpd.conf? Did you modify it from what you've read? After that run '/etc/init.d/vsftpd start' to run the FTP daemon. Now you can test your login.

Then once any of my user would want to ftp will have to pass through this software is it?

That's the idea, yes.