Restrict FTP Users To Their Home Directory Without Using OpenSSH – Oracle Linux
Sometimes we want to let some users upload and download files through an FTP server on a Linux machine.
By default, a user can view his own home directory and other directories on the remote machine, but we want to restrict all FTP users to their home directories and prevent them from uploading files into other users' home directories. We also want to stop these users from making SSH connections and using SFTP.
As the first step, install “VSFTPD” as the FTP server on your Linux machine; the steps below then edit a few configuration files.
We also create a group and grant FTP permissions to that group.
Here are the instructions and configuration:
Step 1: Create the group and users and set the users' home directories:
# -p also creates /FTP if it does not exist yet
mkdir -p /FTP/ftpuser1
mkdir /FTP/ftpuser1/incoming
mkdir /FTP/ftpuser1/outgoing
groupadd ftpusers
useradd -d /FTP/ftpuser1 -g ftpusers ftpuser1
passwd ftpuser1
# root owns the home directory itself
chown root:root /FTP/ftpuser1
chmod 750 /FTP/ftpuser1
# the user gets read/write/execute only on the two subdirectories, via ACLs
setfacl -m u:ftpuser1:rwx /FTP/ftpuser1/incoming
setfacl -m u:ftpuser1:rwx /FTP/ftpuser1/outgoing
Step 2: Deny the group access to SSH by editing “/etc/ssh/sshd_config”:
Find the line below and comment it out:
Subsystem sftp /usr/libexec/openssh/sftp-server
Add the line below:
DenyGroups ftpusers
Save and exit. Then restart the “sshd” service.
Step 3: Add the lines below to “/etc/vsftpd/vsftpd.conf”:
anonymous_enable=NO
chroot_local_user=YES
userlist_enable=YES
userlist_file=/etc/vsftpd/user_list_access
userlist_deny=NO
Step 4: Create the file “/etc/vsftpd/user_list_access”, add the usernames to it, and then restart the “vsftpd” service.
Step 5: Test the FTP connection by running the “ftp x.x.x.x” command and logging on to the FTP server as the ftpuser.
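To check steps 2 and 3 before restarting the services, the following added example (not part of the original post) audits copies of the two configuration files. The function names and the constructed sample files in demo are assumptions of this example, and it accepts only the exact values shown in the steps above.

```shell
# Added example, not from the original post; file paths are passed as arguments.

# Print the effective value of KEY in a vsftpd.conf-style file. vsftpd expects
# KEY=VALUE with no spaces around "="; assumed here: a later line overrides an earlier one.
vsftpd_get() {  # usage: vsftpd_get FILE KEY
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# Return 0 only if every directive from step 3 is set exactly as the post shows.
audit_vsftpd() {  # usage: audit_vsftpd FILE
    status=0
    for want in anonymous_enable=NO chroot_local_user=YES userlist_enable=YES \
                userlist_deny=NO userlist_file=/etc/vsftpd/user_list_access; do
        key=${want%%=*}
        got=$(vsftpd_get "$1" "$key")
        if [ "$got" != "${want#*=}" ]; then
            echo "FAIL $key: expected ${want#*=}, found '${got:-unset}'"
            status=1
        fi
    done
    return $status
}

# Return 0 only if GROUP is named on an active DenyGroups line and no active
# "Subsystem sftp" line remains. Simplification: Match blocks are not handled.
audit_sshd() {  # usage: audit_sshd FILE GROUP
    awk -v g="$2" '
        /^[ \t]*#/ { next }
        tolower($1) == "denygroups" { for (i = 2; i <= NF; i++) if ($i == g) denied = 1 }
        tolower($1) == "subsystem" && $2 == "sftp" { sftp = 1 }
        END {
            if (!denied) print "FAIL DenyGroups does not list " g
            if (sftp) print "FAIL Subsystem sftp is still enabled"
            exit (!denied || sftp)
        }' "$1"
}

# Constructed sample files (not from a real server) matching steps 2 and 3.
demo() {
    d=$(mktemp -d)
    printf '%s\n' anonymous_enable=NO chroot_local_user=YES userlist_enable=YES \
        userlist_file=/etc/vsftpd/user_list_access userlist_deny=NO > "$d/vsftpd.conf"
    printf '%s\n' '#Subsystem sftp /usr/libexec/openssh/sftp-server' \
        'DenyGroups ftpusers' > "$d/sshd_config"
    audit_vsftpd "$d/vsftpd.conf" && audit_sshd "$d/sshd_config" ftpusers && echo PASS
    result=$?; rm -rf "$d"
    return $result
}
demo
```

On a server, run the two audit functions against /etc/vsftpd/vsftpd.conf and /etc/ssh/sshd_config; a non-zero exit status means at least one FAIL line was printed.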
I hope this post helps you keep your FTP server safe.
Update: If you want to disable the user's logon, change the line below in “/etc/passwd”:
ftpuser:x:500:500::/FTP:/bin/bash
Change to:
ftpuser:x:500:500::/FTP:/sbin/nologin