CentOS FTP – Create FTP User with Specific Directory Access

centos chroot ftp vsftpd

So I'm on a VPS – CentOS Linux installation. I have vsFTPd on the server.
I currently have SFTP access to the server via my root user, but am now trying to create a new user with FTP access to a specific directory only on the server. I've done the following:

1. mkdir /var/www/mydomain.com
2. mkdir /var/www/mydomain.com/html
3. useradd <-username>
4. passwd <-username>
5. chown -R <-username> /var/www/mydomain.com
6. groupadd <-groupname>
7. gpasswd -a <-username> <-groupname>
8. chgrp -R <-groupname> /var/www/mydomain.com
9. chmod -R g+rw /var/www/mydomain.com

What I'm struggling to do is to create the user to ONLY have access to /var/www/mydomain.com – I observed that the user correctly logs into the right folder, however the user can then browse "back" to other directories. I want the user to stick in the specific folder and not be able to "browse" back.

Any ideas?

I've found different articles on chrooting, but simply haven't figured out how to use it in the steps included above.

Best Answer

It's quite simple.

You have to add the following option to the vsftpd.conf file:

chroot_local_user=YES

The documentation inside the configuration file is self-explanatory:

# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().

This means that the user will just have access to the folder you configured as HOME of the user. Below, I have an example of a user passwd entry:

upload_ftp:x:1001:1001::/var/www/sites/:/bin/bash

Set the home directory of the user with the following command

usermod -d /var/www/my.domain.example/ exampleuser

Note: In my example, this user is also a valid user for some scheduled tasks inside Linux. If you don't have this need, please change the shell of the user to /sbin/nologin instead of bash.
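
An added example (not part of the original answer or of vsftpd itself): a small POSIX shell audit that reads a vsftpd.conf, applies the chroot list semantics quoted above, and reports whether a given account ends up jailed. It goes one step beyond the answer by also flagging a home directory the user can write to, which the chown and chmod g+rw steps in the question produce and which vsftpd 2.3.5 and later refuse to chroot into unless allow_writeable_chroot=YES is set (vsftpd 3.0.0 and later). The function names and the demo paths are made up for illustration.

```shell
# Added example, not from the original post. Only the literal value YES
# counts as "enabled" here (a simplification of vsftpd's boolean parsing).
# conf_get FILE KEY DEFAULT: last uncommented KEY=value, else DEFAULT.
conf_get() (
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
)

# is_chrooted CONF USER: exit 0 when USER is jailed. With chroot_local_user=YES
# the chroot list names the exceptions; otherwise it names the jailed users.
is_chrooted() (
    all=$(conf_get "$1" chroot_local_user NO)
    list=$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)
    listed=NO
    if [ "$(conf_get "$1" chroot_list_enable NO)" = YES ] &&
       [ -r "$list" ] && grep -qxF -- "$2" "$list"; then
        listed=YES
    fi
    if [ "$all" = YES ]; then [ "$listed" = NO ]; else [ "$listed" = YES ]; fi
)

# root_writable_by DIR USER: exit 0 when mode bits let USER write to DIR
# (owner-write on USER's own directory, or any group/other write bit; group
# membership is not resolved, so this errs towards flagging).
root_writable_by() (
    line=$(ls -ld -- "$1") || exit 2
    perms=${line%% *}
    owner=$(printf '%s\n' "$line" | awk '{print $3}')
    case $perms in ?????w*|????????w*) exit 0 ;; esac
    case $perms in ??w*) [ "$owner" = "$2" ] ;; *) exit 1 ;; esac
)

# audit CONF USER HOME: print one verdict line for the account.
audit() (
    if ! is_chrooted "$1" "$2"; then
        echo "NOT-JAILED: $2 can browse outside $3"
    elif root_writable_by "$3" "$2" &&
         [ "$(conf_get "$1" allow_writeable_chroot NO)" != YES ]; then
        echo "LOGIN-REFUSED: $3 is writable by $2 (vsftpd >= 2.3.5)"
    else
        echo "JAILED: $2 is confined to $3"
    fi
)

# Demo on constructed input: throwaway config inside a throwaway home.
demo=$(mktemp -d)
printf 'chroot_local_user=YES\n' > "$demo/vsftpd.conf"
audit "$demo/vsftpd.conf" "$(ls -ld "$demo" | awk '{print $3}')" "$demo"
rm -rf "$demo"
```

A common layout that gets the JAILED verdict is a root-owned, non-writable home with a user-writable subdirectory (such as html) inside it for uploads.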
