On Tue, Mar 1, 2011 at 7:58 AM, Ray Van Dolson <rayvd at bludgeon.org> wrote:
> On Tue, Mar 01, 2011 at 07:53:21AM -0500, Nico Kadel-Garcia wrote:
>> On Mon, Feb 28, 2011 at 10:53 AM, Eero Volotinen <eero.volotinen at iki.fi> wrote:
>> > 2011/2/28 Yang Yang <dapiyang at gmail.com>:
>> >> hi,i have a question want to ask
>> >>
>> >> if i add a user like:
>> >>
>> >> useradd test
>> >> groupadd test -g www
>> >>
>> >> and how to control user test only can see and write only folder(like
>> >> /home/htdocs/test,he can not see /home/htdocs or other folder)
>> >
>> > for example using chrooted scponly or tweaking filesystem acls and
>> > selinux settings.
>> >
>> > scponly chrooted is the easiest way.
>>
>> No, sftp is actually supported, somewhat, in OpenSSH 5 for this to
>> work well, which is not in CentOS 5, and integrating it to CentOS 5 is
>> problematic. It's also awkward to maintain, the chroot cages require
>> the relevant binaries and libraries in each user's chroot cage. (I
>> used to publish the software changes for this, years back under SunOS
>> and RedHat 5.2, not RHEL 5.2).
>>
>> Frankly, don't. Use ftps, which Dovecot supports directly, or WebDav
>> over HTTPS, which Apache supports directly with mod_dav.
>
> I think you mean vsftpd? Problem with FTPS is that it *can* be
> problematic with firewalls (not necessarily your own which you can set
> up correctly, but on the client side).

*Yes*, yes, definitely my mistake. Thank you for correcting that.

I know FTP can be a nightmare: I thought FTPS had pretty much addressed the separate data and control channel issues, or am I profoundly mistaken?

> ProFTPD may be a good option as well. It should have a mod_sftp module
> which theoretically could be used in tandem with ProFTPD's native
> chroot'ing stuff. Never tried it though.
>
> Ray

I got vsftpd and httpd/mod_dav playing together well some years back, for someone who *insisted* on retaining FTP access for certain uses. It was.... a fascinating adventure to get them to play nicely.