Securing VSFTPD

Hello,

Just looking for some friendly advice here.

I am a little new to Linux so please don't blast me.

I would like to secure VSFTPD. I have two users that I have created on
my system. I want to give access to other folks for FTP but not
create accounts for them on the system.

What is the correct way to do this?

I found this link on google:http://www.netadmintools.com/art355.html

Is there any problems with what this author is recommending? I just
want to be sure if I create a user via the VSFTPD program that they
only have access to 1 directory and that is it. I do not want them
being able to see outside the one assigned directory.

What is the best way to do this?

Thanks a bunch for some help.

Arnie.

arnie <arnie@hotmail.com> wrote:
> Hello,
>
> Just looking for some friendly advice here.
>
> I am a little new to Linux so please don't blast me.
>
> I would like to secure VSFTPD. I have two users that I have created on
> my system. I want to give access to other folks for FTP but not
> create accounts for them on the system.
>
> What is the correct way to do this?
>
> I found this link on google:http://www.netadmintools.com/art355.html
>
> Is there any problems with what this author is recommending? I just
> want to be sure if I create a user via the VSFTPD program that they
> only have access to 1 directory and that is it. I do not want them
> being able to see outside the one assigned directory.
>
> What is the best way to do this?
>
> Thanks a bunch for some help.
>
> Arnie.

What the author is recommending doesn't seem too bad, but it doesn't do
what you want.

vsftpd is pretty flexible if you use user_config_dir; also, local_chroot
and anon_chroot are useful. You'll want write_enable=YES,
virtual_use_local_privs=YES, local_chroot=/srv/ftpd/$USER, and possibly
force_local_logins_ssl=YES, force_local_data_ssl=YES in the user
configuration files ($USER_CONFIG_DIR/$USER). [Warning: the latter
option breaks many FTP clients. CoreFTP (Win32) and lftp (*nix) do
work.]

Joachim