How to restrict user FTP to specific folder?

Issues related to configuring your network
bwd2013
Posts: 10
Joined: 2013/01/06 11:56:33

How to restrict user FTP to specific folder?

Post by bwd2013 » 2013/01/27 16:33:50

Hi, I have a server with multiple websites on it, and one of them I want to give access to the person I made the website for, so they can edit some of the webpages.
I have created a user, using their name, and a password, but I can't work out how to set up vsftpd.conf so that when they FTP in, they see only their website's folder - in Filezilla, it correctly goes to their folder, but they can easily go up directories and see everything on the server.
I think the command I want is 'chroot', but I have searched and searched on the internet but can't find a simple guide to how to do it.
I used Webmin to set up their home folder, I couldn't work out how to do that from the command line either, in spite of lots of searching on Google!
I am hoping there is a simple guide somewhere for both of these things, using the command line, as presumably lots of people create sites for their clients, who then want to access and edit them?
Many thanks in advance for any help you can give, and I apologise if the answer is already on this forum somewhere, I tried searching for 'chroot user' but didn't find what I was looking for.

bwd2013
Posts: 10
Joined: 2013/01/06 11:56:33

Re: How to restrict user FTP to specific folder?

Post by bwd2013 » 2013/01/27 18:10:24

Also, I tried editing the /etc/vsftpd/vsftpd.conf file, to change it to
chroot_local_user=YES

which I believe would make users chroot to their home directory, but it made no difference after restarting vsftpd. I then turned off vsftpd using
service vsftpd stop

but Filezilla still continued to work, so obviously vsftpd isn't the ftp daemon that is running on my server (but I am connecting using SSH) - does anybody know how to find out which FTP daemon is running, and how to default it to vsftpd?

tigalch
QA Team
Posts: 522
Joined: 2012/06/23 17:28:41
Location: Austria

Re: How to restrict user FTP to specific folder?

Post by tigalch » 2013/01/27 19:48:54

Is it possible Filezilla used SFTP/SCP for the connection?
Looking at /var/log/secure during the login should answer that question.

bwd2013
Posts: 10
Joined: 2013/01/06 11:56:33

Re: How to restrict user FTP to specific folder?

Post by bwd2013 » 2013/01/27 20:41:39

Hi, this is the last login in /var/logs/secure

Jan 27 23:37:27 server1 sshd[13883]: Accepted password for root from xx.xxx.xxx.xxx port xxxxx ssh2
Jan 27 23:37:27 server1 sshd[13883]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jan 27 23:37:27 server1 sshd[13883]: subsystem request for sftp
Jan 27 23:37:39 server1 sshd[13891]: Accepted password for root from xxx.xxx.xxx.xxx port xxxxx ssh2
Jan 27 23:37:39 server1 sshd[13891]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jan 27 23:37:39 server1 sshd[13891]: subsystem request for sftp


I've 'x'ed out my IP address and port for security reasons.

From another forum, I found out that I should try entering
ps -efe | grep -i ftp

and it told me that /usr/libexec/openssh/sftp-server was running (I think), but if I enter 'stop sftp-server' it says 'Unknown job: sftp-server'.
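
The check suggested above (reading /var/log/secure to see whether the client came in over SFTP), as an added example that is not part of the original posts: it lists each accepted sshd login and marks the ones whose sshd process logged an sftp subsystem request. The function names and the sample log (modelled on the lines quoted in the thread, with constructed addresses and a constructed second user) are assumptions.

```shell
#!/bin/sh
# Constructed sample in the same format as the /var/log/secure lines
# quoted in the thread; addresses, ports and "alice" are made up.
sample_log() {
cat <<'EOF'
Jan 27 23:37:27 server1 sshd[13883]: Accepted password for root from 192.0.2.10 port 50100 ssh2
Jan 27 23:37:27 server1 sshd[13883]: pam_unix(sshd:session): session opened for user root by (uid=0)
Jan 27 23:37:27 server1 sshd[13883]: subsystem request for sftp
Jan 27 23:40:02 server1 sshd[13950]: Accepted publickey for alice from 192.0.2.22 port 50222 ssh2
Jan 27 23:40:02 server1 sshd[13950]: pam_unix(sshd:session): session opened for user alice by (uid=0)
EOF
}

# Reads syslog-style sshd lines on stdin and prints one line per accepted
# login: "pid user auth-method source kind", where kind is "sftp" when the
# same sshd PID also logged "subsystem request for sftp", else "other".
# Limitation: correlation is by PID, as in the root sessions shown in the
# thread; a non-root session may log the subsystem request from a child
# PID, which this sketch does not follow.
ssh_session_kinds() {
    awk '
    match($0, /sshd\[[0-9]+\]: /) {
        pid = substr($0, RSTART + 5, RLENGTH - 8)   # digits between [ and ]
        msg = substr($0, RSTART + RLENGTH)          # text after "sshd[pid]: "
        if (msg ~ /^Accepted /) {
            # Accepted <method> for <user> from <ip> port <n> ssh2
            split(msg, f, " ")
            if (!(pid in user)) order[++n] = pid
            user[pid] = f[4]; method[pid] = f[2]; src[pid] = f[6]
        } else if (msg ~ /^subsystem request for sftp/) {
            sftp[pid] = 1
        }
    }
    END {
        for (i = 1; i <= n; i++) {
            p = order[i]
            print p, user[p], method[p], src[p], ((p in sftp) ? "sftp" : "other")
        }
    }'
}

# Stand-alone run on the constructed sample.
sample_log | ssh_session_kinds
```

On a real host the same function can be fed the log directly, for example `ssh_session_kinds < /var/log/secure` run as root. A line ending in `sftp` means the file-transfer client was served by sshd, so vsftpd settings such as `chroot_local_user` do not apply to that session.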

bwd2013
Posts: 10
Joined: 2013/01/06 11:56:33

Re: How to restrict user FTP to specific folder?

Post by bwd2013 » 2013/01/27 20:44:36

I should have said in my second post that I only installed vsftpd this afternoon, as I could only find instructions for chroot-ing a user for vsftpd, and didn't know what ftp daemon was running on my server.

I have to say that I wish there was a simple webpage that would explain the basics that most users of servers will have to know, I would imagine most users will want to learn how to point a domain name to a specific directory on the server, set up users and limit their access to one directory, etc. Maybe I've missed it, but I have been searching around for the past month and never find all the answers in one place (that's IF I find the answers at all).

EDIT: Problem solved. The FTP daemon is called 'SSHD', as shown in the log above. I've stopped it using 'service sshd stop', now I can try starting vsftpd and see how things go from there... Thanks for your help, much appreciated.

vonskippy
Posts: 839
Joined: 2006/12/30 03:00:04
Location: Western Slope Colorado

How to restrict user FTP to specific folder?

Post by vonskippy » 2013/01/27 21:04:23

[quote]
bwd2013 wrote:
EDIT: Problem solved. The FTP daemon is called 'SSHD', as shown in the log above. I've stopped it using 'service sshd stop', now I can try starting vsftpd and see how things go from there..[/quote]
No, it's not. SSH is NOT an FTP server.

bwd2013
Posts: 10
Joined: 2013/01/06 11:56:33

Re: How to restrict user FTP to specific folder?

Post by bwd2013 » 2013/01/27 22:01:15

Hi vonskippy, I am using CentOS 6, do you know what I should be looking for here?

I want to chroot jail the user to /var/www/theirname
not
/home/theirname
(every guide I've looked at only tells me how to chroot jail them to /home/theirname, which is no use for me).

I found this guide - does this look like what I want?

http://www.thisisnotsupported.com/sftp-chrootjail-on-centos6/
