Create an ftp user in Linux and restrict the user access path

Source: Internet
Author: User

Purpose: Create an FTP user on a Linux system and restrict what that user can reach over FTP: the user's home directory is presented as "/", and the directories above it are not visible.

For example, I want to create the user usertest with the password usertest, and the home directory is /home/mpsp/ftp/usertest.
Operating system: Red Hat Enterprise Linux Server release 5.4 (Tikanga)
FTP server: vsftpd
 
First, create the Linux user usertest:
1. Log on to the system as the mpsp user and create the home directory /home/mpsp/ftp/usertest for usertest.
2. Log on to the Linux system as root and create the user with that home directory by entering the following command:
[root@- home]# useradd -d /home/mpsp/ftp/usertest usertest
 
3. Assign a password to the user by entering the following command:
[root@- etc]# passwd usertest
Changing password for user usertest.
New UNIX password:
Retype new UNIX password:
passwd: all authentication tokens updated successfully.
 
Now check the result: [root@- etc]# cat /etc/passwd
The user entry is as follows: usertest:x:504:504::/home/mpsp/ftp/usertest:/bin/bash
The system has assigned a new user ID and group ID: 504 and 504. Since all of this user's files need to be accessible to the mpsp user, we can put usertest in the mpsp group (group ID 500).

4. Assign the new primary group to the user by entering the following command:
[root@- home]# usermod -g mpsp usertest

Check again: [root@- etc]# cat /etc/passwd
The user entry is now: usertest:x:504:500::/home/mpsp/ftp/usertest:/bin/bash
 
Then, configure the user's FTP permissions and access path restrictions:
Try to log on to FTP as usertest. If the login fails, FTP access on this system is restricted by a user list. Open /etc/vsftpd.conf and search for userlist_enable, userlist_deny, and userlist_file. userlist_enable is the switch that turns the feature on. If userlist_deny=NO, only users listed in the userlist_file file can access FTP; if userlist_deny=YES, users listed in the userlist_file file cannot access the system through FTP. Our system configuration is as follows:
userlist_enable=YES
userlist_deny=NO
userlist_file=/etc/vsftpd/user_list
Therefore, you need to add the user to the /etc/vsftpd/user_list file, one user name per line.
 
Because the home directory was created by the mpsp user and usertest is a member of the mpsp group, usertest by default has permission to add, delete, modify, and read files there. As a member of the mpsp group, usertest also has access to all the paths under /home/mpsp (this follows from the default permissions on each directory). After logging on to FTP, you will find that usertest can access other directories as well, with the permissions of the mpsp group, which is not allowed. We need to confine usertest to its home directory. The method is as follows:
1. Run cd /etc/vsftpd to enter the FTP configuration directory.
2. Edit the file with vi vsftpd.conf, find the line #chroot_list_enable=YES, and delete the leading # sign to enable this restriction.
Then locate the chroot_list_file setting: chroot_list_file=/etc/vsftpd/chroot_list
3. Edit the chroot_list file and add the names of the users you want to restrict, one user name per line.
 
Whenever vsftpd.conf is changed, restart the FTP service. The command is as follows:
[root@linuxsir001 root]# /etc/init.d/vsftpd restart
Shutting down vsftpd: [ OK ]
Starting vsftpd for vsftpd: [ OK ]
 
Log on to FTP as usertest. The login succeeds and the user is confined to the home directory; other directories cannot be accessed. Success.
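
An added example, not part of the original article: a shell function that reads a vsftpd.conf together with the user_list and chroot_list files and reports whether an account may log in and whether it is chrooted. The function names and the sample files are constructed for illustration, and vsftpd's documented defaults are assumed (userlist_enable=NO, userlist_deny=YES, chroot_local_user=NO, chroot_list_enable=NO).

```shell
#!/bin/sh
# Added example (not from the article): evaluate vsftpd's user-list and
# chroot-list rules for one account, using vsftpd's documented defaults.

# conf_get FILE KEY DEFAULT: value of the last uncommented KEY= line, else DEFAULT.
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    echo "${v:-$3}"
}

# in_list FILE USER: true if USER is a whole line of FILE.
in_list() { [ -f "$1" ] && grep -Fqx -- "$2" "$1"; }

# ftp_user_status CONF USER_LIST CHROOT_LIST USER
# Prints "login=<allowed|denied> chroot=<yes|no>".
ftp_user_status() {
    login=allowed
    if [ "$(conf_get "$1" userlist_enable NO)" = YES ]; then
        if [ "$(conf_get "$1" userlist_deny YES)" = NO ]; then
            in_list "$2" "$4" || login=denied        # allow list: must be listed
        elif in_list "$2" "$4"; then
            login=denied                             # deny list: must not be listed
        fi
    fi
    jail=no
    [ "$(conf_get "$1" chroot_local_user NO)" = YES ] && jail=yes
    if [ "$(conf_get "$1" chroot_list_enable NO)" = YES ] && in_list "$3" "$4"; then
        # A listed user gets the opposite of the chroot_local_user setting.
        if [ "$jail" = yes ]; then jail=no; else jail=yes; fi
    fi
    echo "login=$login chroot=$jail"
}

# write_sample DIR [EXTRA_CONF_LINE]: constructed files mirroring this article.
write_sample() {
    printf 'userlist_enable=YES\nuserlist_deny=NO\nchroot_list_enable=YES\n%s\n' "$2" > "$1/vsftpd.conf"
    printf 'mpsp\nusertest\n' > "$1/user_list"
    printf 'usertest\n' > "$1/chroot_list"
}

d=$(mktemp -d)
write_sample "$d"
for u in usertest mpsp nobody; do
    printf '%-9s %s\n' "$u" "$(ftp_user_status "$d/vsftpd.conf" "$d/user_list" "$d/chroot_list" "$u")"
done
rm -rf "$d"
```

If chroot_local_user=YES is also set in vsftpd.conf, the meaning of chroot_list_file flips and the listed users become the ones that are not confined, so check that option before relying on the chroot_list entry.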
