Access multiple home directories with a single FTP account
Q I've set up a number of FTP accounts restricted to their respective directories. On our dedicated server running RHEL I managed to do this by setting the users to chroot(). These accounts are used by our clients, who upload spreadsheets and other data that is then downloaded and processed by our management consultants. This was very popular as originally all information was exchanged over email. The consultants have now made my task more challenging by refusing to log in to each of their clients' FTP account, insisting that it should be easy to set up the FTP server in a way that they can log in with one username and password and see all their clients' as subfolders. I have to be careful not to allow one consultant to be able to see information pertaining to another consultant's clients. Can you help?
A Assuming that you are using the stock vsftpd server that is bundled with RHEL 3 and 4, a bit of reconfiguration on how the accounts are created can take you a long way. For a consultant called John Doe, an account without a login shell can be created as follows:
# useradd -d /home/jdoe -s /sbin/nologin jdoe
John's clients can now have their home directories created under /home/jdoe. To allow the consultant to descend to and manage files within the clients' home directories, the accounts can be created with 'jdoe' as the default group and full group permissions assigned thus:
# useradd -g jdoe -d /home/jdoe/client1 -s /sbin/nologin client1
# chmod g=rwx /home/jdoe/client1/
The FTP server will not be able to transfer the client into his home directory unless execute permissions are set on all the parent directories:
# chmod g+x /home/jdoe
FTP users created will also have to be configured to chroot().
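The script below is an added example, not part of the original answer: it audits the permissions that the steps above are meant to produce, so a consultant directory left open to other consultants shows up as a finding. It assumes the layout BASE/consultant/client (for example /home/jdoe/client1) and GNU stat; the function names perm_digit and audit_ftp_tree are hypothetical, and treating any "other" permission bit as a failure is this example's own policy.

```shell
#!/bin/sh
# Added example. Layout assumed from the answer: BASE/<consultant>/<client>.
# Requires GNU stat (stat -c), as found on RHEL.

# perm_digit MODE POS: POS=1 prints the "other" digit, POS=2 the "group" digit.
perm_digit() {
    m=00$1                                  # pad so short modes such as "0" still parse
    if [ "$2" -eq 2 ]; then m=${m%?}; fi    # drop the last digit to reach the group digit
    printf '%s' "${m#"${m%?}"}"             # print the last remaining character
}

# audit_ftp_tree BASE: prints one line per finding, returns 1 if any were found.
audit_ftp_tree() {
    base=$1
    bad=0
    for cons in "$base"/*/; do
        [ -d "$cons" ] || continue
        cons=${cons%/}
        cmode=$(stat -c %a "$cons")
        cgrp=$(stat -c %G "$cons")
        # Other consultants are "other" here: they must get no access at all.
        if [ "$(perm_digit "$cmode" 1)" -ne 0 ]; then
            echo "FAIL $cons: mode $cmode grants access to other users"; bad=1
        fi
        # Clients are in the consultant's group and need g+x to reach their home.
        if [ $(( $(perm_digit "$cmode" 2) & 1 )) -eq 0 ]; then
            echo "FAIL $cons: mode $cmode lacks group execute"; bad=1
        fi
        for cli in "$cons"/*/; do
            [ -d "$cli" ] || continue
            cli=${cli%/}
            mode=$(stat -c %a "$cli")
            # The consultant manages files through the group bits: g=rwx, nothing for others.
            if [ "$(perm_digit "$mode" 2)" -ne 7 ] || [ "$(perm_digit "$mode" 1)" -ne 0 ]; then
                echo "FAIL $cli: mode $mode, expected g=rwx and no access for others"; bad=1
            fi
            # The client directory must belong to the consultant's group.
            if [ "$(stat -c %G "$cli")" != "$cgrp" ]; then
                echo "FAIL $cli: group is not $cgrp"; bad=1
            fi
        done
    done
    return $bad
}
```

Run it as audit_ftp_tree /home after creating accounts. Because every client of one consultant shares the same group and has g=rwx, these mode bits do not separate client1 from client2; that separation comes from the chroot() configuration.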