Information and Links
Join the fray by commenting, tracking what others have to say, or linking to it from your blog.
- Other Posts
- Use fuser to diagnose umount issues
- A little humour
Selectively jail ftp users in virtual domains
The following how to is from Chris over at Ensim.com
Have you ever wanted to give a user FTP access to their own little site on a virtual domain, but didn't because you were afraid they would snoop around your main sites files? Worry no longer. This little how-to will let you selectively 'jail' a user to their home folder on your server. By jail, we mean that the user will not be able to see any files or folders outside their own home folder on your server.
Add the line
-
DefaultRoot ~ jailedftpusers
to /etc/proftpd.conf. You can add it right above
the 'include "/etc/proftpd/proftpd.conf.wp"' line at
the end of the file. You must now Restart proftpd with
-
/etc/init.d/proftpd restart
If you want this hack to work on namebased sites AND IP based sites, people have suggested adding the above line to /etc/proftpd.conf inside the
2. For each site where you want to have jailed
ftp users, do the following:
-
/usr/sbin/chroot /home/virtual/<domain> /usr/sbin/groupadd -g 50 -o jailedftpusers
3. For each user you wish to jail, do the
following:
-
/usr/sbin/chroot /home/virtual/</domain><domain> /usr/sbin/usermod -G jailedftpusers <username>
That is all there is to getting selective jailed FTP users in a virtual domain on an Ensim box.
After thought: If you want to change where the user is jailed to, then one would simply need to change the path for that user in the /etc/passwd file. Haven't tried it, but seems it should work.
