I've been googling for my answers for a good few hours and I can't seem to get a direct answer to my questions. I have found many tutorials but many are vague.
Anyways:
I've recently setup VSFTPD on my server. I'm running CentOS 6.4 (if that makes any difference). I have created the user 'test' using useradd and it can login successfully (with SSH and FTP) However this is what I'm looking to do:
Create users (with useradd) to use with VSFTPD and disable SSH for them. With these user(s) restrict them to their web directory (e.g. /var/www/domain/example.com) so they can login with FTP and upload, edit, delete and create directories with in the example.
For reference this is my configuration file:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
chroot_local_user=YES chroot_list_enable=YES
listen=YES
pam_service_name=vsftpd userlist_enable=YES tcp_wrappers=YES
Many thanks. Apologises if my explanation isn't descriptive enough. I'm not sure how to word it.
Best Answer
I'm presuming you're mostly asking how to prevent a user being able to use SSH as - as far as I can tell - your vsftpd config should be good to go based on the chroot_local_user option being set to yes.
You can simply change the user's shell to something like /bin/false (make sure to add it to /etc/shells to prevent possible problems with the ftp server) and your user will be able to authenticate to SSH but they'll just get dumped back out.
Alternatively you could use AllowUsers/DenyUsers in /etc/ssh/sshd_config - but this could require updating the ssh config every time you change who's allowed to login, whereas you can set the user's shell to /bin/false with your useradd command by using
Then if you later want to grant them SSH access you can just use usermod to change their shell to bash (for example).