我在 上列出了一些用户vsftpd.chroot_list
。我希望他们只能访问/var/www/
并且不是任何其他目录。我相信,我对vsftpd.conf
文件进行了必要的更改。但这些用户也可以访问其他目录。
我的/etc/vsftpd.conf
文件有以下条目:
#
# Customization
#
# Some of vsftpd's settings don't fit the filesystem layout by
# default.
#
# This option should be the name of a directory which is empty. Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd/empty
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/private/vsftpd.pem
##########New Lines#######
user_config_dir=/etc/vsftpd/users
passwd_chroot_enable=YES
答案1
由于您用作vsftpd
FTP 服务器,因此您可以轻松设置虚拟用户并将其锁定到其目录,如中所述本文。
虽然vsftpd
很棒,但proftpd
使用更简单的(IMO)配置文件可能会更好一些。
答案2
# Lock all the users in home directory, ***** really important *****
DefaultRoot ~
MaxLoginAttempts 5
#VALID LOGINS
<Limit LOGIN>
AllowUser userftp
DenyALL
</Limit>
<Directory /var/www>
Umask 022 022
AllowOverwrite on
#<Limit STOR>
#AllowAll
#</Limit>
<Limit ALL>
Order Allow,Deny
AllowUser userftp
Deny ALL
</Limit>
</Directory>
阅读更多内容http://www.red87.com/install-proftpd-in-ubuntu-server/