VSFTPD Options?
Trapper
25th April 2006, 07:25 PM
I have a situation where I have someone out in the wild that I need to allow to connect via ftp to pick up some files occasionally. I've got vsftpd running and can access from the outside.
I've disabled anonymous login but allow login by user accounts on this machine.
I'm rather new at all this and I am having difficulty figuring out several things.
1. Is there a way I can limit ftp login to be from one specific IP address only?
2. Can I set it up so the only login allowed is for one specific user account on this system rather than all users?
3. Can I limit the directories the logged in user can access? Right now the ftp user has access to the entire OS and I want to limit access to one specific directory and subdirectories of it, only.
TIA
Mesu
25th April 2006, 07:42 PM
Hi,
Read your /etc/vsftpd.conf file. The answer you seek is there. Look for:
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd.chroot_list
Note the "IF YES" above, then people in the list ARE NOT chrooted but all other users are.
You can also search for more changes you can make to sync local time etc.
I have people who need temp access to certain files. I just create a tmp user who is chrooted to the specific directory then delete the user when done. I make sure their "home" directory inside of /etc/password is the dir they need to get into.
Hope this helps,
Mesu
Trapper
25th April 2006, 08:20 PM
Yeah, I saw the chroot options. If I enable them I can no longer access "anything". The session fails just after the password is accepted. I've even tried entering and then deleting the user from the chroot_list. The results remain the same. Is the chroot_list simply a list of user names or is there some particular format to follow?
Mesu
25th April 2006, 11:14 PM
Hi,
The change root list is a list of names, one on each line, with a single blank line at the end.
Like this:
1 paulk
2 uglyduck
3 mymama
4
If root then you must also remove him from "ftpusers" and possibly, depending on your other settings, the user_list, both located in /etc/vsftpd/
Mesu
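The chroot settings and list format described in the two replies above, worked through as an added example (not part of the original thread, and not vsftpd's own code): it reports which local users end up jailed for a given vsftpd.conf and chroot list. The sample config, the list contents and the user name tmpuser are constructed; the function names are hypothetical.

```python
# Added example. All sample data below is constructed, not from a real host.
SAMPLE_CONF = """\
# same three settings as quoted in the reply above
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
"""
SAMPLE_LIST = "paulk\nuglyduck\nmymama\n\n"  # one name per line, blank line at end


def parse_conf(text):
    """Parse vsftpd.conf text (option=value) into a dict, skipping comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key.strip()] = value.strip()
    return opts


def parse_user_list(text):
    """Return the set of user names in a chroot list; blank lines are ignored."""
    return {ln.strip() for ln in text.splitlines() if ln.strip()}


def is_yes(opts, key):
    # Both chroot options default to NO when absent from the file.
    # Simplification (assumption): only the value YES is treated as true.
    return opts.get(key, "NO").upper() == "YES"


def is_chrooted(user, opts, listed_users):
    """True if `user` would be jailed in their home directory after login."""
    jail_by_default = is_yes(opts, "chroot_local_user")
    on_list = is_yes(opts, "chroot_list_enable") and user in listed_users
    # The list flips the default: with chroot_local_user=YES it is an
    # exemption list, with chroot_local_user=NO it is the jail list.
    return jail_by_default != on_list


def report(users, conf_text, list_text):
    """Map each user name to True (chrooted) or False (sees the whole filesystem)."""
    opts = parse_conf(conf_text)
    listed = parse_user_list(list_text)
    return {u: is_chrooted(u, opts, listed) for u in users}


if __name__ == "__main__":
    for user, jailed in report(["paulk", "tmpuser"], SAMPLE_CONF, SAMPLE_LIST).items():
        print(f"{user}: {'chrooted' if jailed else 'NOT chrooted'}")
```

With the settings quoted in the thread, a user added to the list is the one who is not confined, so a temporary download account should stay off the list.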
Trapper
26th April 2006, 01:21 PM
I installed pure-ftpd and got it up and going the way I wish in a matter of a couple of minutes. The config file is substantially clearer for someone unfamiliar. I will use that for now seeing that 99.9% of the time the service isn't going to be running anyhow. But I still will work with vsftpd until I get it figured out. The added security it offers is a plus. It's probably not really necessary in this case but nice to have and I probably need to learn how to use it anyhow. I appreciate your help. Thanks.