I'm trying to limit access of a specific user (Ex. bob) in proftpd. I have some users that can access the entire server, but 1 specific user should be able to access only 2 folders. I have this structure:
/var/www/site/
/var/www/site/views/
/var/www/site/assets/
/var/www/site/[more files and folders]
I succeeded in giving the user bob a "jailed" access to one of the 2 folders, but not both.
DefaultRoot /var/www/site/views bob
DefaultRoot / ftpuser
This way ftpuser now has unlimited access, and bob can only access /var/www/site/views.
How can I give bob access also to /var/www/site/assets?
I tried 2 solutions and neither worked:
- Links
I tried ln -s /var/www/site/assets /var/www/site/views. This worked for all users but bob. So I tried:
cd /var/www/site/views
ln -s ../assets/ assets
Again, the link works for everyone but bob.
- Hiding stuff
I tried to make DefaultRoot /var/www/site/ bob
and then add
<Directory /var/www/site/otherdir>
<Limit ALL>
DenyUser bob
AllowAll
</Limit>
</Directory>
This doesn't work at all. Plus, under /var/www/site/ there are other files that should be hidden and that are not directories.
So again, how can I give bob access to both /var/www/site/assets and /var/www/site/views but nothing else under /var/www/site?
One solution is to set up /var/www/site/assets and /var/www/site/views as separate filesystems that are mounted in multiple places, e.g. mount them at their current locations and under /home/bob/. This requires some effort initially but it is likely to be the simplest and most secure solution for your users.
See the Filesystem Tricks section in the Proftpd chroot howto.
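The multiple-mount approach from this answer, as an added example that is not part of the original answer: on Linux, `mount --bind` is one way to make a directory appear in a second place, so the jail under /home/bob holds only the two wanted directories. The function names and the DRY_RUN switch are assumptions of this example; the paths and the DefaultRoot form are the ones used on this page.

```shell
#!/bin/sh
# Added example: build a chroot directory that contains only selected
# directories by bind-mounting each one into it (Linux mount --bind).
# DRY_RUN=1 (default) only prints the commands; DRY_RUN=0 runs them as root.
DRY_RUN="${DRY_RUN:-1}"

run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# jail_plan NAME JAIL_DIR SOURCE_DIR...
# NAME is the second argument of DefaultRoot, as written in the question.
jail_plan() {
    name=$1
    jail=$2
    shift 2
    for src in "$@"; do
        case $src in
            /*) ;;
            *) echo "source must be an absolute path: $src" >&2; return 1 ;;
        esac
        dst="$jail/$(basename "$src")"
        run mkdir -p "$dst"
        # Unlike a symlink, a bind mount is a real directory inside the
        # jail, so it still resolves after the server has chrooted.
        run mount --bind "$src" "$dst"
        # Line to add to /etc/fstab so the bind mount survives a reboot.
        printf '# fstab: %s %s none bind 0 0\n' "$src" "$dst"
    done
    # DefaultRoot line in the form the question already uses.
    printf '# proftpd.conf: DefaultRoot %s %s\n' "$jail" "$name"
}

# Example: sh jail.sh bob /home/bob /var/www/site/views /var/www/site/assets
if [ "$#" -ge 3 ]; then
    jail_plan "$@"
fi
```

Run it with the default dry run first to review the commands, then as root with DRY_RUN=0 and copy the printed fstab and proftpd.conf lines into place.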