View full version: [Repost] vsftpd - Limit FTP access only to /var/www

chun 2014-3-11 16:58

[Repost] vsftpd - Limit FTP access only to /var/www

http://unix.stackexchange.com/questions/94603/vsftpd-limit-ftp-access-only-to-var-www<br><div class="post-text">
            <p>To achieve this, you need the following:</p>

<p><strong>Method 1#</strong></p>

<p>By changing the user's home directory</p>

<p>Make sure the following line exists:</p>

<pre><code>chroot_local_user=YES
</code></pre>

<p>Set the user's home directory to <code>/var/www/</code>. If you want to change it for an existing user, you can use:</p>

<pre><code>usermod --home /var/www/ username
</code></pre>

<p>Then set the required permissions on <code>/var/www/</code>.</p>

<p><strong>Method 2#</strong> </p>

<p>If you don't want to change the user's home directory, then you can use:</p>

<pre><code>chroot_local_user=YES
local_root=/ftphome/$USER
user_sub_token=$USER
</code></pre>

<p>About <code>user_sub_token</code>:</p>

<blockquote>
  <p>Automatically generate a home directory for each virtual user, based on a template.
  For example, if the home directory of the real user specified via guest_username is
  /ftphome/$USER, and user_sub_token is set to $USER, then when virtual user test
  logs in, he will end up (usually chroot()'ed) in the directory /ftphome/test.
  This option also takes effect if local_root contains user_sub_token.</p>
</blockquote>

<p>Create the directories and set up permissions:</p>

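<pre><code># One directory per FTP user, matching local_root=/ftphome/$USER
mkdir -p /ftphome/{test,user1,user2}

# Owner and group ftp get full access; everyone else gets none
chmod -R 770 /ftphome
chown -R ftp: /ftphome
# -a appends ftp to the user's supplementary groups instead of replacing them
usermod -aG ftp test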
</code></pre>

<p>Once done, restart <code>vsftpd</code> and test your setup.</p>

<p>Sample success output:</p>

<pre><code>[root@mail tmp]# ftp localhost
Connected to mail.linuxian.local.
220 (vsFTPd 2.0.5)
530 Please login with USER and PASS.
530 Please login with USER and PASS.
KERBEROS_V4 rejected as an authentication type
Name (localhost:root): test
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp&gt; mput vhosts
mput vhosts?
227 Entering Passive Mode (127,0,0,1,146,41)
150 Ok to send data.
226 File receive OK.
24 bytes sent in 3.3e-05 seconds (7.1e+02 Kbytes/s)
ftp&gt; ls -rlt
227 Entering Passive Mode (127,0,0,1,97,90)
150 Here comes the directory listing.
-rw-r--r--    1 787      787            24 Oct 11 19:57 vhosts
226 Directory send OK.
ftp&gt; 221 Goodbye.
</code></pre>

    </div>
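Added example, not part of the reposted answer: a small audit script that reads a vsftpd.conf, expands local_root with user_sub_token as Method 2 describes, and reports whether a given user ends up jailed in the directory you expect. The function names are hypothetical and the sample config is constructed. The chroot_list_enable check goes beyond the answer and assumes vsftpd's default list path /etc/vsftpd.chroot_list.

```bash
#!/usr/bin/env bash
# Added example (not from the post): verify where vsftpd would jail a user.

# Last value assigned to KEY (vsftpd.conf is key=value, '#' comments).
conf_get() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# Expand local_root for USER as in Method 2: the user_sub_token string is
# replaced by the login name (first occurrence; a template normally has one).
# Empty output means local_root is unset.
resolve_local_root() {
    local root token
    root=$(conf_get "$1" local_root)
    token=$(conf_get "$1" user_sub_token)
    if [ -n "$token" ]; then
        case $root in *"$token"*)
            root=${root%%"$token"*}$2${root#*"$token"} ;;
        esac
    fi
    printf '%s\n' "$root"
}

# Print one finding per line; return 0 only when USER is jailed in EXPECTED.
audit_chroot() {
    local conf="$1" user="$2" expected="${3%/}" root list bad=0
    if [ "$(conf_get "$conf" chroot_local_user)" != YES ]; then
        echo "chroot_local_user is not YES: $user is not jailed"; bad=1
    fi
    # With chroot_local_user=YES, an enabled chroot list names the users
    # who are NOT chrooted.
    if [ "$(conf_get "$conf" chroot_list_enable)" = YES ]; then
        list=$(conf_get "$conf" chroot_list_file)
        if grep -qxF -- "$user" "${list:-/etc/vsftpd.chroot_list}" 2>/dev/null; then
            echo "$user is on the chroot list and is exempt from the chroot"; bad=1
        fi
    fi
    root=$(resolve_local_root "$conf" "$user")
    # Method 1: without local_root the jail is the account's home directory.
    [ -n "$root" ] || root=$(getent passwd "$user" | cut -d: -f6)
    root=${root%/}
    if [ "$root" != "$expected" ]; then
        echo "jail is '$root', expected '$expected'"; bad=1
    elif [ ! -d "$root" ]; then
        echo "jail directory $root does not exist"; bad=1
    fi
    return "$bad"
}

# Constructed sample: the three Method 2 lines, checked for user "test".
demo_conf=$(mktemp)
printf '%s\n' 'chroot_local_user=YES' 'local_root=/ftphome/$USER' \
    'user_sub_token=$USER' > "$demo_conf"
audit_chroot "$demo_conf" test /ftphome/test || true
rm -f "$demo_conf"
```

Against a real server, point it at the live configuration, for example `audit_chroot /etc/vsftpd/vsftpd.conf username /var/www` for Method 1; the configuration path varies by distribution.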
   
   
   