On Tue, Mar 01, 2011 at 07:53:21AM -0500, Nico Kadel-Garcia wrote:
> On Mon, Feb 28, 2011 at 10:53 AM, Eero Volotinen <eero.volotinen at iki.fi> wrote:
> > 2011/2/28 Yang Yang <dapiyang at gmail.com>:
> >> hi,i have a question want to ask
> >>
> >> if i add a user like:
> >>
> >> useradd test
> >> groupadd test -g www
> >>
> >> and how to control user test only can see and write only folder(like
> >> /home/htdocs/test,he can not see /home/htdocs or other folder)
> >
> > for example using chrooted scponly or tweaking filesystem acls and
> > selinux settings.
> >
> > scponly chrooted is the easiest way.
>
> No, sftp is actually supported, somewhat, in OpenSSH 5 for this to
> work well, which is not in CentOS 5, and integrating it to CentOS 5 is
> problematic. It's also awkward to maintain, the chroot cages require
> the relevant binaries and libraries in each user's chroot cage. (I
> used to publish the software changes for this, years back under SunOS
> and RedHat 5.2, not RHEL 5.2).
>
> Frankly, don't. Use ftps, which Dovecot supports directly, or WebDav
> over HTTPS, which Apache supports directly with mod_dav.

I think you mean vsftpd? Problem with FTPS is that it *can* be
problematic with firewalls (not necessarily your own which you can set
up correctly, but on the client side).

ProFTPD may be a good option as well. It should have a mod_sftp module
which theoretically could be used in tandem with ProFTPD's native
chroot'ing stuff. Never tried it though.

Ray