I need to be able to add virtual users to vsftpd that only have access to a sub folder. The reason why I want to use virtual users is I only want to have 1 real user on the server.
The FTP structure is:
www
    website_name1
        sub_folder1
    website_name2
        sub_folder2
        sub_folder3
    website_name3
    website_name4
The main account has access to the www folder and all sub directories, and I want to add a virtual user that can have access to the sub_folder1 and only sub_folder1.
Also, to avoid some confusion, I would also require another user to access sub_folder3 and only sub_folder3. My point being I need to be able to choose which folder and sub folders on a user by user basis.
I have found ways to add users to see the whole structure or set up user-named folders, both of which are of no use to me.
I found a similar question posted here: How to setup VSFTPD for multiple users including adding specific directories, but it recommends proftpd, which I thought was generally less secure.
Or have I missed the point here?
Best Answer
With a bit of playing around I've managed to come up with a semi solution (not perfect but good enough). Using 2707974's answer and information I've gained elsewhere, I've been able to get what I need.
First you need vsftp and PAM installed.
Edit /etc/vsftpd.conf, then paste in the following
Edit to your exact needs; the most important bit for virtual users is everything after the virtual user settings comment.
Creating User
You can either use a database or htpasswd. I found htpasswd faster and easier to use.
Make a directory to store your users
When adding additional users, just omit the -c
I've only managed to get it to work using CRYPT, which limits to 8 chars. To use more than 8 chars, use openssl to generate a compatible hash and pipe it directly into htpasswd
Once your users are created you can now change your PAM config file
and remove everything inside this file and replace with the following
This will enable login for your virtual users defined in /etc/vsftpd/ftpd.passwd and will disable local users.
Next we need to add a user for these virtual users to use. These users will not have access to the shell and will be called vsftpd
The user must match guest_username=vsftpd in the vsftpd conf file.
Defining Directory Access
The important line here is the following
This means that when user1 logs in it will look for the following file
This file is the same as the vsftpd.conf, so you can define a new local_root.
Going back to the question, we want user1 to only have access to var/www/website_name1/sub_folder1, so we need to create the vsftpd_user_conf folder:
Now create the user file:
and enter the following line
Now restart vsftp
You should now be able to login as user1, who will only be able to see var/www/website_name1/sub_folder1 and any folder and file inside it.
That's it, you can now add as many users as you want and limit their access to whatever folder you wish.
Important to remember: if you do not create a user conf file it will default to the var/www folder as root (in the example above).
If the subfolder is intended to be modifiable by the user, it might be necessary to change the owner of the shared subfolder:
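
Added example, not part of the original answer: a POSIX shell helper that writes the per-user file described under "Defining Directory Access" (one local_root line per virtual user) and refuses any directory that does not resolve to a real path strictly below the web root, so a symlink or ".." cannot hand a virtual user more than intended. The function name add_ftp_user_root, the WEB_ROOT and CONF_DIR variables and the /etc/vsftpd/vsftpd_user_conf default are assumptions; CONF_DIR must match the directory vsftpd.conf names in user_config_dir.

```shell
#!/bin/sh
# Added example. WEB_ROOT and CONF_DIR defaults are assumptions; CONF_DIR must
# be the directory named by user_config_dir in vsftpd.conf.
WEB_ROOT="${WEB_ROOT:-/var/www}"
CONF_DIR="${CONF_DIR:-/etc/vsftpd/vsftpd_user_conf}"

# add_ftp_user_root USER DIR
# Writes CONF_DIR/USER containing local_root=<resolved DIR>.
# Returns 0 on success, non-zero (and writes nothing) if the request is unsafe.
add_ftp_user_root() {
    user="$1"; dir="$2"

    # The user name becomes a file name, so allow only a conservative set
    # and reject empty names, path separators and leading dots.
    case "$user" in
        ''|.*|*[!A-Za-z0-9_.-]*) echo "bad user name: $user" >&2; return 2 ;;
    esac

    # Resolve symlinks and ".." so the comparison is made on real paths.
    real_root=$(CDPATH= cd -- "$WEB_ROOT" 2>/dev/null && pwd -P) ||
        { echo "web root missing: $WEB_ROOT" >&2; return 3; }
    real_dir=$(CDPATH= cd -- "$dir" 2>/dev/null && pwd -P) ||
        { echo "no such directory: $dir" >&2; return 3; }

    # Must be strictly below the web root, never the web root itself.
    case "$real_dir" in
        "$real_root"/*) ;;
        *) echo "refusing $real_dir: not below $real_root" >&2; return 4 ;;
    esac

    mkdir -p "$CONF_DIR" || return 5
    # Per-user files use vsftpd.conf syntax; keep them unreadable to others.
    ( umask 077; printf 'local_root=%s\n' "$real_dir" > "$CONF_DIR/$user" ) || return 5
}
```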