User Permissions on an FTP Server

[mje397]

Is it possible to set different permissions for different users in an FTP? I have the users listed in the ftpuser_list file.


Thank you

[SilentRage]

Perhaps if you go into what you want to do with more detail I can think of the best way to get it to work for you.

The answer is yes, depending on what you want.

[mje397]

Thnx.. I would like to have one common user ( where everyone can read and write) and three indivudual users where only the individual users have permission to access.

Is it possible?

[SilentRage]

Got an answer for you.

Yes, this is possible.

Got some questions for you.

What ftp server are you running? vsftpd I hope.

Do all these users share the same ftp root directory? The answer to this question does not effect my answer to your question. Just a matter of implementation.

[mje397]

Yes, I am using vsftpd.. And all users are in the same root directory...

[SilentRage]

I'm going to give you an example implementation, which you will need to adapt to your situation. I'm going to use the local root of /var/ftp and 3 system users called "trusted", "joe", and "shmitt".

COMMANDLINE

groupadd ftpusers
useradd -M -s /sbin/nologin -g ftpusers trusted
passwd trusted
useradd -M -s /sbin/nologin -g ftpusers joe
passwd joe
useradd -M -s /sbin/nologin -g ftpusers shmitt
passwd shmitt

mkdir /var/ftp/joe
chmod 700 /var/ftp/joe
chown joe /var/ftp/joe

mkdir /var/ftp/shmitt
chmod 700 /var/ftp/shmitt
chown joe /var/ftp/shmitt

REQUIRED CONFIGURATION

local_enable=YES
write_enable=YES
chroot_local_user=YES
anonymous_enable=NO
local_root=/var/ftp

OPTIONAL CONFIGURATION

userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/ftpuser_list
local_umask=022

FILE CONTENTS [/etc/ftpuser_list]
trusted
joe
shmitt

[mje397]

Thnx buddy... I am slightly confused.. sorry I am new to the entire Linux.. still in the learning stage..


So in ur example.. we have 3 users in the list. And whatever configuration I give using chroot, userlist_enable, userlist_deny applies collectively to all the three users.

Am I right?

Now if I defne trusted as a group with menbers joe and shmitt, and other two as individual users, can I have sth like this..

Trusted can be accessed by both users.
Joe cannot acccess shmitt
smith cannot access joe

[SilentRage]

The 3 userlist options do apply to the ftpusers_list file. userlist_enable makes sure that vsftpd even uses the file. userlist_deny was set to NO so that vsftpd knows that this is a list of allowed users, rather than denied users. userlist_file specified the full path and file name of the userlist file. The chroot should apply to all 3 users.

Now if I define trusted as a group...

You could leave out the shared (trusted) user if you want to so that you only have "joe" and "schmitt". If one user uploads a file outside of his directory, then the other user(s) can access it.

The "joe" user won't be able to access the "schmitt" directory cause we set the directory permissions with chmod and chown so that ONLY that user has access. vsftpd will run as the user who logs in, so file system permissions will apply to ftp access.

[asercey]

it is possible to add user and able to read and write their shared directory

let say their shared directory is testuser and the user are:
user1: read and write
user2: read and write
user3;read
user4:read

their login shell is /sbin/nologin

thanks