Limit access to proftpd user

Question

I'm trying to limit access of a specific user (Ex. bob) in proftpd. I have some users that can access the entire server, but 1 specific users should be able to access only 2 folders. Have this structure:

/var/www/site/
/var/www/site/views/
/var/www/site/assets/
/var/www/site/[more files and folders]

I succeeded in giving the user bob a "jailed" access to one of the 2 folders, but not both.

DefaultRoot       /var/www/site/views bob
DefaultRoot       / ftpuser

This way ftpuser have now unlimited access, and bob can only access /var/www/site/views.

How can I give bob access also to /var/www/site/assets ??

I tried 2 solution and neither worked:

1. Links

I tried ls -s /var/www/site/assets /var/www/site/views. This worked for all users but bob. So I tried:

cd /var/www/site/views
ls -s ../assets/ assets

Again, the link works to everyone bu bob.

2. Hiding stuff

I tried to make DefaultRoot /var/www/site/ bob and then add

<Directory /var/www/site/otherdir>
  <Limit ALL>
    DenyUser bob
    AllowAll
  </Limit>
</Directory>

This doesn't work at all. Plus, under /var/www/site/ there are other files that should be hidden and that are not directories.

So again, How can I give bob access to both /var/www/site/assets and /var/www/site/views but nothing else is under /var/www/site ??

Answer 1

One solution is to set up /var/www/site/assets and /var/www/site/views as separate filesystems that are mounted in multiple places.

e.g. mount them at their current locations and under /home/bob/.

This requires some effort initially but it is likely to be the simplest and most secure solution for your users.

See the Filesystem Tricks section in the Proftpd chroot howto.