Score:0

CentOS 7 - SCP or FTP for specific user to specific folder

msr

I've found tons of entries for this topic - but I've still not managed to get the following running:

I'd like to give a new user access to a specific, already existing folder whose owner must not be changed. Folder permissions should be added via ACLs. The user must not access any folder other than that one. The user should upload files to that folder.

I already tried configuring it with sshd, but that way the folder seems to need root as owner. Next I tried vsftpd and followed several guides. I got to the point where the user could log in, but its entry point is at root "/" with no permissions or anywhere.

I didn't manage to restrict the user to just one directory.

With the current configuration I cannot even log in anymore:

Details: CentOS Linux release 7.9.2009 (Core)

Steps: create testuser + ftpusers group

testuser:x:1009:1010::/ftp/upload:/usr/sbin/nologin

for testing purposes:

chown -R testuser:ftpusers /ftp

vsftpd.conf

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
chroot_list_enable=YES

chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
listen_ipv6=NO
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

userlist_file=/etc/vsftpd/user_list
userlist_deny=NO
allow_writeable_chroot=YES
local_umask=0000
file_open_mode=0777
pasv_min_port=30000
pasv_max_port=31000
chroot_local_user=YES
local_root=/ftp/upload
user_sub_token=$USER

getsebool -a | grep ftp

ftpd_anon_write --> off
ftpd_connect_all_unreserved --> off
ftpd_connect_db --> off
ftpd_full_access --> on
ftpd_full_access --> on
ftpd_use_cifs --> off
ftpd_use_fusefs --> off
ftpd_use_nfs --> off
ftpd_use_passive_mode --> off
httpd_can_connect_ftp --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off
tftp_home_dir --> on

cat user_list

testuser

systemctl restart vsftpd

ftp to server

Connected to ftp-server (x.x.x.x).
220 Works!
Name (ftp-server:root): testuser
331 Please specify the password.
Password:
530 Login incorrect.
Login failed.

--> note: "userlist_deny=NO" already configured
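
Added example, not part of the original post: a small Python lint that reads a vsftpd.conf like the one posted above and reports keys set more than once with different values, the chroot_local_user/chroot_list_enable combination (per the vsftpd.conf man page, with both set to YES the chroot list names users who are not jailed), world-writable upload modes, and a user_sub_token that local_root never uses. The function names are hypothetical, the sample is a constructed subset of the posted file, and the code assumes the last occurrence of a key is the effective one and uses the man page defaults (file_open_mode 0666, local_umask 077).

```python
# Constructed sample: the conflicting subset of the vsftpd.conf posted above.
SAMPLE_CONF = """\
local_umask=022
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
local_umask=0000
file_open_mode=0777
chroot_local_user=YES
local_root=/ftp/upload
user_sub_token=$USER
"""


def parse(text):
    """Return {key: [values in file order]}, skipping blanks and comments."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            settings.setdefault(key, []).append(value)
    return settings


def lint(text):
    """Return (code, message) findings. Assumes the last value of a key wins."""
    conf = parse(text)
    last = {k: v[-1] for k, v in conf.items()}
    findings = []
    for key, values in conf.items():
        if len(set(values)) > 1:
            findings.append(("conflict", f"{key} set to {values}"))
    if last.get("chroot_local_user") == "YES" and last.get("chroot_list_enable") == "YES":
        listed = last.get("chroot_list_file", "/etc/vsftpd.chroot_list")
        findings.append(("chroot-inverted", f"users in {listed} are NOT chrooted"))
    # Mode of an uploaded file = file_open_mode masked by local_umask (both octal).
    mode = int(last.get("file_open_mode", "0666"), 8) & ~int(last.get("local_umask", "077"), 8)
    if mode & 0o002:
        findings.append(("world-writable", f"uploads created with mode {mode:04o}"))
    token = last.get("user_sub_token")
    if token and token not in last.get("local_root", ""):
        findings.append(("unused-token", f"local_root does not contain {token}"))
    return findings


if __name__ == "__main__":
    for code, message in lint(SAMPLE_CONF):
        print(f"{code}: {message}")
```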
