On Tue, Mar 1, 2011 at 7:58 AM, Ray Van Dolson rayvd@bludgeon.org wrote:
On Tue, Mar 01, 2011 at 07:53:21AM -0500, Nico Kadel-Garcia wrote:
On Mon, Feb 28, 2011 at 10:53 AM, Eero Volotinen eero.volotinen@iki.fi wrote:
2011/2/28 Yang Yang dapiyang@gmail.com:
Hi, I have a question I want to ask.
If I add a user like:
useradd test groupadd test -g www
how can I restrict user test so that he can see and write to only one folder (like /home/htdocs/test; he cannot see /home/htdocs or other folders)?
for example using chrooted scponly or tweaking filesystem ACLs and SELinux settings.
scponly chrooted is the easiest way.
No, sftp is actually supported, somewhat, in OpenSSH 5 for this to work well, which is not in CentOS 5, and integrating it to CentOS 5 is problematic. It's also awkward to maintain: the chroot cages require the relevant binaries and libraries in each user's chroot cage. (I used to publish the software changes for this, years back under SunOS and RedHat 5.2, not RHEL 5.2).
Frankly, don't. Use ftps, which Dovecot supports directly, or WebDAV over HTTPS, which Apache supports directly with mod_dav.
I think you mean vsftpd? Problem with FTPS is that it *can* be problematic with firewalls (not necessarily your own which you can set up correctly, but on the client side).
*Yes*, yes, definitely my mistake. Thank you for correcting that.
I know FTP can be a nightmare: I thought FTPS had pretty much addressed the separate data and control channel issues, or am I profoundly mistaken?
ProFTPD may be a good option as well. It should have a mod_sftp module which theoretically could be used in tandem with ProFTPD's native chroot'ing stuff. Never tried it though.
Ray
I got vsftpd and httpd/mod_dav playing together well some years back, for someone who *insisted* on retaining FTP access for certain uses. It was... a fascinating adventure to get them to play nicely.