# FTP question



## fred974 (Mar 25, 2014)

Hello everyone,

My FreeBSD 10 server currently uses a public/private key with no password allowed for ssh.
One of my websites has got a problem and the plugin support team needs FTP access to resolve the bug.

My question is, how can I create secure FTP access for these guys, making sure that they cannot explore anything other than the web directory?


----------



## Amarantus (Mar 25, 2014)

I use vsftpd with option:

```
chroot_local_user=YES
```
and an option for users that can access directories other than the web directory:

```
chroot_list_enable=YES
chroot_list_file=/usr/local/etc/vsftpd/vsftpd.chroot_list
```


----------
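How the three options in the post above interact, as an added example that is not part of the thread or of vsftpd itself: per vsftpd.conf(5), once `chroot_local_user=YES` is set, the chroot list names the users who are *not* jailed. The user names and temporary paths below are constructed, and the parsing assumptions are stated in the comments.

```shell
#!/bin/sh
# Added example (not from the thread): predict whether vsftpd chroots a user.
# Assumptions: options are spelled exactly YES/NO, and the last assignment of
# an option in the file is the one used.

# conf_get FILE OPTION DEFAULT: print OPTION's value from FILE, or DEFAULT.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# chroot_verdict CONF USER: print chrooted, not-chrooted or unknown.
chroot_verdict() {
    all=$(conf_get "$1" chroot_local_user NO)
    use_list=$(conf_get "$1" chroot_list_enable NO)
    list=$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)
    listed=NO
    if [ "$use_list" = YES ]; then
        # Without a readable list file no verdict can be computed.
        [ -r "$list" ] || { echo unknown; return 1; }
        # One user name per line; match the whole line exactly.
        if grep -qxF -- "$2" "$list"; then listed=YES; fi
    fi
    # The list inverts the default: with chroot_local_user=YES it names the
    # users who escape the jail, with NO it names the users who are jailed.
    if [ "$all" = "$listed" ]; then echo not-chrooted; else echo chrooted; fi
}

# Constructed sample files: "siteadmin" and "pluginsupport" are made-up users.
DEMO_DIR=$(mktemp -d)
cat > "$DEMO_DIR/vsftpd.conf" <<EOF
# constructed sample, same three options as in the post above
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=$DEMO_DIR/vsftpd.chroot_list
EOF
echo siteadmin > "$DEMO_DIR/vsftpd.chroot_list"

for u in siteadmin pluginsupport; do
    echo "$u: $(chroot_verdict "$DEMO_DIR/vsftpd.conf" "$u")"
done
```

An account created for an outside support team should therefore be left off the list when `chroot_local_user=YES`, since being on it exempts the account from the jail.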



## fred974 (Mar 25, 2014)

Amarantus said:

> I use vsftpd with option:
> 
> ```
> chroot_local_user=YES
> ...
> ```



Hi @Amarantus,

Do you have a link to a good tutorial on how to set that up?


Thank you


----------



## Amarantus (Mar 25, 2014)

Unfortunately not. Install from port; see vsftpd.conf in /usr/local/etc/ and that is all.

Possibly see these links:
https://security.appspot.com/vsftpd.html#features
https://forums.freebsd.org/viewtopic.php?&t=36887


----------



## fred974 (Mar 25, 2014)

Amarantus said:

> Unfortunately not. Install from port; see vsftpd.conf in /usr/local/etc/ and that is all.
> 
> Possibly see these links:
> https://security.appspot.com/vsftpd.html#features
> https://forums.freebsd.org/viewtopic.php?&t=36887




Thank you very much


----------



## usdmatt (Mar 25, 2014)

You can enable chroot with the default FreeBSD FTP service if you're happy to use it:

1) Uncomment the ftp service in /etc/inetd.conf
2) Enable inetd by adding `inetd_enable="YES"` to /etc/rc.conf
3) Add something like the below to /etc/ftpchroot
4) `service inetd start`


```
user1
@webusers
```

That will chroot @user1 and members of the @webusers group into their home directory when they connect via FTP.


----------

