[snip] You need to be 100% sure that myuser can't download from the incoming directory [snip] Thanks for pointing that out. Does anyone know how to do this in VSFTPD?
Richard Humphrey -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Ed Wilts Sent: Friday, March 14, 2003 10:32 AM To: [EMAIL PROTECTED] Subject: Re: FTP On Fri, Mar 14, 2003 at 10:21:47AM -0600, Richard Humphrey wrote: > Well not sure if this is the best way to do it but here is what I did. > Please enlighten me if what I did is incorrect or poses some security flaws. > First I created a user , lets call him myuser with no shell access > I pointed his home directory to /var/ftp/myuser ( I created the myuser dir > first) > I then added myuser to vsftpd.chroot_list so he only has access to > /var/ftp/myuser > I changed group for myuser to be ftp > I left owner as root > Inside /var/ftp/myuser I created the following directories: incoming and > outgoing > For the incoming directory I allowed write access by changing owner to > myuser > For the outgoing directory I only allowed read access. You need to be 100% sure that myuser can't download from the incoming directory or he'll be able to turn your server into a pirate site. You also need to be 100% sure he can't change permissions on the incoming and outgoing directory - by default, users can change permissions on their own files. -- Ed Wilts, Mounds View, MN, USA mailto:[EMAIL PROTECTED] Member #1, Red Hat Community Ambassador Program -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
