[CentOS] Preventing a user from moving "up" directories

Wed Jan 17 06:22:23 UTC 2007
R Lists06 <lists06 at abbacomm.net>

> Subject: [CentOS] Preventing a user from moving "up" directories
> 
> I am in the process of setting up a new server.  In the process I cannot
> remember what I need to set so that an FTP user cannot move upward in
> the directory tree of the user's directory.  The FTP server is VSFTP.
> The user's directory is owned by the user and the permissions are 775.
> 
> Isn't there a setting in httpd.conf to prevent that?
> 
> Todd
> 

I dunno about httpd.conf yet...

In /etc make a file called vsftpd.chroot_list and put the people in it that
can ftp in and go up the tree.

Depending on config, /etc/vsftpd.user_list are typically users that are not
allowed to ftp in under any circumstances. Look at the config file and that
file to get more info.

If userlist_deny=NO, only allow users in this file
If userlist_deny=YES (default), never allow users in this file, and
do not even prompt for a password.
Note that the default vsftpd pam config also checks /etc/vsftpd.ftpusers
for users that are denied.

Then... go into /etc/vsftpd/vsftpd.conf and you should be able to figure out
the rest

Then at the end of the file mine looks like this... I don't recall where I
got the info or if it was intuitive

chroot_local_user=YES
#
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES

pam_service_name=vsftpd
userlist_enable=YES
#enable for standalone mode
listen=YES
tcp_wrappers=YES

As a side note, when I create shell accounts that can only ftp in I usually
call the shell /bin/ftponly and I put a reference to it in /etc/shells at
the end.

That way they cannot ssh in or whatever.

 - rh

--
Robert - Abba Communications
   Computer & Internet Services
 (509) 624-7159 - www.abbacomm.net
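
Added example (not part of the original message): a small Python sketch of how vsftpd combines the chroot_local_user / chroot_list_enable and userlist_enable / userlist_deny options discussed above, including the way chroot_local_user=YES turns the chroot list into a list of exceptions. The user names and list contents are constructed; the option defaults are the ones documented for vsftpd.

```python
# Added example, not from the original post. User names below are constructed.
DEFAULTS = {"chroot_local_user": "NO", "chroot_list_enable": "NO",
            "userlist_enable": "NO", "userlist_deny": "YES"}

# Settings quoted from the message above.
POSTED_CONF = """\
chroot_local_user=YES
#
chroot_list_enable=YES
# (default follows)
chroot_list_file=/etc/vsftpd.chroot_list
userlist_enable=YES
"""

def parse_conf(text):
    """Parse vsftpd.conf text: 'option=value' lines, '#' starts a comment line."""
    conf = dict(DEFAULTS)
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def enabled(conf, key):
    return conf.get(key, "NO").upper() in ("YES", "TRUE", "1")

def is_chrooted(user, conf, chroot_list):
    """True if the local user is jailed in their home directory."""
    listed = enabled(conf, "chroot_list_enable") and user in chroot_list
    if enabled(conf, "chroot_local_user"):
        return not listed  # list = exceptions who may go up the tree
    return listed          # list = the only users who are jailed

def passes_userlist(user, conf, user_list):
    """True if the userlist check lets the login proceed (PAM may still deny)."""
    if not enabled(conf, "userlist_enable"):
        return True
    if enabled(conf, "userlist_deny"):
        return user not in user_list  # file is a deny list
    return user in user_list          # file is an allow list

if __name__ == "__main__":
    conf = parse_conf(POSTED_CONF)
    for user in ("alice", "admin"):  # constructed; "admin" is in the chroot list
        print(user, "chrooted:", is_chrooted(user, conf, {"admin"}))
```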