VSFTPD add users and Restrict directories and specify user access to specified directories

Source: Internet
Author: User
Tags anonymous ftp parent directory file permissions

Development over there update speed if faster, every day there will be countless files or directories to the operation and maintenance of the updated online, this is more trouble, just give them a ride ftp let them upload changes themselves, but there is a problem, is the permissions, the company five sites have five directories, each person responsible for different sites, how to let each of them do not interfere with others, Or no one else's directory for "sabotage"! Solve this problem below!

One. Check the installation of VSFTPD in Linux.

It won't be long-winded.

Two. Turn off the SELinux in the system and reboot the computer (you can change the label if it's not closed)

Ways to turn off SELinux:

Modify the Selinux= "" in the/etc/selinux/config file as disabled and reboot.

If you do not want to reboot the system, use the command Setenforce 0

Note:

Setenforce 1 set SELinux to become enforcing mode

Setenforce 0 Set SELinux to become permissive mode

Increase in the boot parameters of Lilo or grub: selinux=0, or you can turn off SELinux

Setsebool Ftpd_disable_trans 1

Three. Creating a user and a specified directory

Note: To set the appropriate permissions for the directory, it is best to modify it before specifying the FTP home directory

Then change the value of Local_umask in the vsftpd.conf configuration file to 000, generate directory default 777, file default 666

#useradd-D/var/www-s/sbin/nologin FTP3

#passwd FTP3

Set up user Ftp3, and specify their home directory as/var/www, prohibit landing

#useradd-D/var/web-s/sbin/nologin FTP4

#passwd FTP4

Set up user FTP4, and specify their home directory as/var/web, prohibit landing

This allows FTP3 and FTP4 users to be assigned to the appropriate folder.

Four. modifying vsftpd.conf configuration Files

Change anonymous_enable to No to prevent anonymous uploads

Remove Chroot_list_enable and chroot_list_file comments to prevent users from accessing the parent directory

Five. Create chroot_list files under/ETC/VSFTPD

When the build is complete, add the user FTP3,FTP4 (one line) to allow access to the specified directory only.

Six. Start or restart the FTP service.

#service vsftpd Restart (start)

After the startup is successful, you can access the FTP service.

Here are some of the configurations attached to vsftpd.conf

1. Anonymous server connection (standalone server)

Add the following items to the/etc/vsftpd/vsftpd.conf configuration file:

Anonymous_enable=yes (Allow anonymous login)

Dirmessage_enable=yes (Displays the contents of the directory. Message when the directory is switched)

local_umask=022 (local file permissions on FTP, default is 077)

Connect_form_port_20=yes (data connection with FTP data port enabled) *

Xferlog_enable=yes (activation of upload and next log)

Xferlog_std_format=yes (using standard log format)

FTPD_BANNER=XXXXX (Welcome information)

PAM_SERVICE_NAME=VSFTPD (Verification method) *

Listen=yes (Standalone VSFTPD server) *

Function: can only connect FTP server, cannot upload and send down

Note: All of which are related to the log welcome information is optional, the asterisk is no matter what account to add, is the basic FTP option

See more highlights of this column: http://www.bianceng.cnhttp://www.bianceng.cn/Servers/Ftp/

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.