Restricting a user for FTP

Question

How would I go about restricting a user to a specified folder such as /var/www/html/ I already have this location as their default landing location for FTP, but I need to restrict them specifically to this location, I don't want them to be able to go back through the server and see anything beyond this location.

Your question is [off-topic](http://stackoverflow.com/help/on-topic) here. — Martin Prikryl, Mar 24 '17 at 07:05

score 0 · Answer 1 · edited Apr 13 '17 at 12:36

In general, the solution to this problem is called chroot.

Basically, what you want to do is to set up vsftpd and make sure the setting chroot_local_user=YES is turned on.

Then, users will only be able to access their home directories. That might be too general for you, because it applies broadly to all users.

https://unix.stackexchange.com/questions/94603/limit-ftp-access-only-to-the-var-www-with-vsftpd

You get more granular control over which users are chrooted with sftp.

In that situation, you would need to have openssh installed, put all users you want to chroot into a specific group, and then make sure the following settings are set:

Subsystem     sftp   internal-sftp
Match Group NAME_OF_GROUP_TO_CHROOT
    ChrootDirectory %h
    ForceCommand internal-sftp
    AllowTcpForwarding no

http://www.techrepublic.com/blog/linux-and-open-source/chroot-users-with-openssh-an-easier-way-to-confine-users-to-their-home-directories/

Restricting a user for FTP

1 Answers1