FTP and users


Oaki
06-24-2004, 08:24 PM
I've been searching around a bit and think I got myself lost. Does anyone know of an FTP server that lets you set permissions, such as a chroot, for specific users?

I am setting up a web/mail/ftp/whatever server right now. I want to have a bit more complex ftp server than most would have, but am not quite sure how to accomplish this. I want to have a user dropped into a specific directory when they log in, but be able to follow symlinks to directories that could possibly be sitting on another drive, or just in a folder outside of their directory. Is it at all possible to do something like this?

Vectorman
06-24-2004, 09:24 PM
Both VSFTP and ProFTP can do this; not sure about pureftp, as I have never used it. Both VSFTP and ProFTP come with several distros. My Mandrake distro has ProFTP and SuSE uses VSFTP.

There is a way to do this and both of them require editing the conf file a bit.

Set the Default Dir as something where there will never be any files.

Edit the conf file so that no ANONYMOUS users can log in.

Now, after that is done, each user will be placed into their own directory. Create symlinks to the directories that you want them to access that are not in their home dir and place them into their home directory.

If there is a more secure way to do this, please let me know so I can implement it on my server.

Hope it helps
Joel

Oaki
06-24-2004, 11:33 PM
Thanks for that. I was looking all over the ProFTPD site and just could not really find anything that explained what I was looking for. Maybe I'll look harder. After posting I also figured I could mount the directories that will be used by each user by doing a mount --bind. Haven't had a chance to test this since I still can't get Slackware installed on my server, but that's just a matter of time. I figure if I mount the directories it'll act like a real directory instead of having to worry about whether or not a user can follow a symlink once they have been put in a chroot(). This might make things a bit more secure for your stuff as well, dunno though. Thanks for the help.
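
[Added example, not part of the original thread.] Inside a chroot(), symlink targets are resolved against the new root, so a link in a user's home that points outside the jail dangles, while a bind-mounted directory looks like an ordinary directory. The sketch below resolves paths the way a jailed process would see them; the names `resolve_in_jail` and `demo` and the temporary layout are constructed for illustration, and a plain directory stands in for the bind-mount point because mounting needs root.

```python
import os
import tempfile

def resolve_in_jail(jail, path, max_links=40):
    """Return the host path that `path` names for a process chroot()ed into
    `jail`, or None if nothing exists at that path inside the jail."""
    jail = os.path.realpath(jail)
    pending = [c for c in reversed(path.split("/")) if c]  # stack of components
    current, links = [], 0                                 # position below the jail root
    while pending:
        comp = pending.pop()
        if comp == ".":
            continue
        if comp == "..":
            if current:
                current.pop()      # ".." at the jail root stays at the root
            continue
        host = os.path.join(jail, *current, comp)
        if os.path.islink(host):
            links += 1
            if links > max_links:
                return None        # symlink loop
            target = os.readlink(host)
            if target.startswith("/"):
                current = []       # absolute targets restart at the jail root
            pending.extend(c for c in reversed(target.split("/")) if c)
            continue
        if not os.path.lexists(host):
            return None
        current.append(comp)
    return os.path.join(jail, *current)

def demo():
    """Constructed layout: home/alice is the jail, data/share lies outside it."""
    top = os.path.realpath(tempfile.mkdtemp())
    jail, share = os.path.join(top, "home", "alice"), os.path.join(top, "data", "share")
    pub = os.path.join(jail, "pub")   # real directory: stands in for a bind-mount point
    for d in (share, pub):
        os.makedirs(d)
        with open(os.path.join(d, "f.txt"), "w") as fh:
            fh.write("x")
    os.symlink(share, os.path.join(jail, "abs"))               # absolute link out of the jail
    os.symlink("../../data/share", os.path.join(jail, "rel"))  # relative link out of the jail
    os.symlink("pub/f.txt", os.path.join(jail, "latest"))      # link that stays inside
    paths = ("/abs/f.txt", "/rel/f.txt", "/pub/f.txt", "/latest")
    return {p: resolve_in_jail(jail, p) for p in paths}, jail

if __name__ == "__main__":
    print(demo()[0])
```

Both links that leave the jail resolve to nothing, while the real directory and the link that stays inside it remain reachable.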

bwkaz
06-25-2004, 07:52 PM
And tell your users that their passwords will be sent across the network in CLEAR TEXT, so they should really change them about once a day...

Don't like that idea? Maybe sftp would work a bit better (part of openssh, but I don't think you can lock users into their home directories)... ;)

Oaki
06-25-2004, 11:30 PM
I'm not too worried about the passwords being sent in plain text. The people who would be using my ftp space would be close friends of mine. We are all geeks so we understand the security issues behind it. The ftp would mostly be used for download only file transfers for myself, but some uploads would occur. The uploaded files would then be moved to other directories by scripts I'm going to have running in the background.
In the end it'll all work out, it's just a matter of how sloppy I want to get.

bwkaz
06-26-2004, 09:09 AM
Hmm... well, I suppose. If you want to accept the risk, then who am I to tell you not to? ;)

But let me just say, I wouldn't. Especially if uploads are going to be allowed -- someone can intercept that password, and then start uploading massive amounts of junk to your server using it. And especially if those passwords protect other things (not sure if they do in your case or not) -- if the same password allows the same user to log in via ssh or something, now you're open to local root exploits run by a less than scrupulous person.

But whatever. :)