[ubuntu] vsFTPd Chrooting (Ubuntu Server 11)



bbqroast
August 18th, 2011, 09:16 PM
Hello,
To start off I have a server running the latest version of Ubuntu Server (11.something I believe).

I have installed vsFTPd on it, and I wish to chroot all users in the group 'webdev' to /var/www in such a way that they cannot see ANY files that are not in the DIR.

I have chrooted users before only to discover that the user still had full access to the server.

Any help??

dinu90
August 18th, 2011, 09:23 PM
This is done using the option:


chroot_local_user=YES
for all users

Or for certain users:


chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list



bbqroast
August 19th, 2011, 06:41 AM
I'm guessing that chroots them to their home DIRs, I am needing to chroot them to the /var/www DIR?

werner@shidox.co.za
August 19th, 2011, 08:47 AM
I would also like to know how to chroot all vsftpd logins to a directory which is not the user's home directory..

Any ideas please?

Wim Sturkenboom
August 19th, 2011, 09:00 AM
> I'm guessing that chroots them to their home DIRs, I am needing to chroot them to the /var/www DIR?

You only think you need that ;) Much simpler to set up the document root directories somewhere in the users' home directories.

Possibly unless you have virtual users; no experience with that.

Wim Sturkenboom
August 19th, 2011, 10:12 AM
Let me add the structure that I use


|
+-- user
| +-- web
| |
| +-- www
| | |
| | +-- files
| |
| +-- inc


www is the document root, readable by apache
inc is used for 'library' functions and functions that contain usernames and/or passwords (e.g. for the mysql database). apache must be able to read it but as it's outside the document root, visitors can never view it
files is readable and writable by apache; I use acl for it but you can also change the ownership. It's used for uploaded files and files (reports) generated by apache (php)

bbqroast
August 20th, 2011, 09:14 AM
Great now we are solving y to solve x.
I need x because I have more than one developer accessing the folder (and possibly different sets of developers accessing different sites).

I switched to Ubuntu Server because I thought it would be more powerful, so far the crud that I have piling up on my Windows laptop is proving more powerful :sadface:. Here is an example of what I want:

NSDevs
    Me
    Sam
SSDevs
    Me
    Sam
    Kain
ExtraDevs
    Me
    Jeff

NSDevs can access /var/web/NS/
SSDevs can access /var/web/SS/
and ExtraDevs can access /var/web/extra/

Is this even possible??

Wim Sturkenboom
August 20th, 2011, 11:12 AM
Sorry, I did not read your original post :oops: Only the post that I reacted on.

I can think of a few solutions, but you might consider those being workarounds. I only have the experience with vsftpd that suits my needs ;) Somebody else might have the right answer.

As this is ftp (so I assume remote), you can consider setting up users named nsdevs, ssdevs and extradevs, jail them to the appropriate directory and let those log in via ftp (sharing the password). Disadvantage might be that you can't track who uploaded what.

Alternative can be to place symlinks to the directories in the user's home directory; not much experience with this.

And your best bet might be to drop vsftpd in favour of proftpd. According to http://www.proftpd.org/docs/howto/Chroot.html, it allows the use of virtual hosts and chroot based on groups. No experience with it.

bbqroast
August 20th, 2011, 09:00 PM
Yes I will check out ProFTPD, vsFTPd has been not so great. Being secure also means being customizable if you ask me. vsFTPd doesn't even give me decent logging powers :sadface:.

BTW I don't think you can chroot to any DIR other than your home DIR :sadface:.

bbqroast
August 20th, 2011, 10:03 PM
Ok switched to proFTPd looks a lot better :happyface:

This thread can be locked.

Wim Sturkenboom
August 21st, 2011, 06:41 AM
You can mark the thread as solved using the thread tools just above the first post on the page.

inphektion
August 26th, 2011, 03:02 PM
vsFTPd can do everything you want and I'd argue it is more secure and better than any other ftp server out there. Maybe this post would help others get the config they want in vsftpd
http://blog.vigilcode.com/2011/08/configure-secure-ftp-with-vsftpd/
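
Added example (not from any poster in this thread): a small checker that works out which directory a local user ends up jailed to, using the option semantics documented in vsftpd.conf(5) for chroot_local_user, chroot_list_enable, local_root and user_config_dir. It covers the case from the first post where a "chrooted" user still had full access. The sample config, the user names and the /etc/vsftpd/users path are constructed for illustration.

```python
def parse_conf(text):
    """Parse vsftpd's key=value format ('#' comments, no spaces around '=')."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value
    return opts


def effective_jail(user, home, main_conf, chroot_list=(), user_confs=None):
    """Return the directory `user` is chrooted to, or None if not jailed."""
    opts = parse_conf(main_conf)
    # A file named <user> inside user_config_dir overrides the main config.
    # vsftpd.conf(5) notes that not every option takes effect per user; the
    # sample below overrides only local_root.
    if "user_config_dir" in opts and user_confs and user in user_confs:
        opts.update(parse_conf(user_confs[user]))

    def yes(key):
        return opts.get(key, "NO").upper() == "YES"

    jailed = yes("chroot_local_user")
    # chroot_list_enable=YES: listed users are jailed, UNLESS
    # chroot_local_user=YES, in which case the list names the users who
    # are NOT jailed. Mixing the two up leaves listed users unconfined.
    if yes("chroot_list_enable") and user in chroot_list:
        jailed = not jailed
    if not jailed:
        return None
    # local_root replaces the home directory as the post-login directory,
    # and therefore as the jail.
    return opts.get("local_root", home)


# Constructed sample input; /etc/vsftpd/users is a hypothetical path.
MAIN = """\
# jail every local user into the web root
chroot_local_user=YES
local_root=/var/www
user_config_dir=/etc/vsftpd/users
"""
PER_USER = {"kain": "local_root=/var/web/SS\n"}

if __name__ == "__main__":
    for name in ("sam", "kain"):
        print(name, effective_jail(name, "/home/" + name, MAIN,
                                   user_confs=PER_USER))
```
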