PROFTPD的Chroot限制

　　PROFTPD.CONF如何改?我要限制不同FTP USER在他自己目录读写,其他目录不可读写.请帮一把巴!!请看一下这个配置文件错在那里:(FTP USER AND FTP GROUP有了,控制目录是 /APP/FTPDIR 允许目录是 /APP/FTPDIR/PEARL ) # # Virtual Hosting Server Configuration # for Frontier Internet Services Limited # (http://www.000.com/) # ServerName "Master Webserver" # # Spawn from inetd? # #ServerType inetd # # or maybe a standalone server... # ServerType standalone # # don't give the server banner until _after_ authentication # DeferWelcome off # # Some basic defaults # Port 21 Umask 002 TimeoutLogin 120 TimeoutIdle 600 TimeoutNoTransfer 900 TimeoutStalled 3600 # # No, I don't think we'll run as root! # User ftp Group ftp

　　# We want clients to be able to login with "anonymous" as well as "ftp" UserAlias anonymous ftp RequireValidShell no

　　# # This is a non-customer usable name, (ie they should be connecting via www.{domain}) # not 'hostname'. Therefore let's dump them in a dummy account and wait for them to # scream. # DefaultRoot /app/ftpdir/ # # Performance, let's do DNS resolution when we process the logs... # UseReverseDNS off # # Where do we put the pid files? # #ScoreboardPath /var/run/proftpd # # Logging options # #TransferLog /var/spool/syslog/proftpd/xferlog.legacy # # Some logging formats # #LogFormat default "%h %l %u %t "%r" %s %b" #LogFormat auth "%v [%P] %h %t "%r" %s" #LogFormat write "%h %l %u %t "%r" %s %b" # # Global settings #

　　DisplayLogin welcome.msg DisplayFirstChdir readme # # having to delete before uploading is a pain ;) # AllowOverwrite yes # # Turn off Ident lookups # IdentLookups off # # Logging # # file/dir access # # ExtendedLog /var/spool/syslog/proftpd/access.log WRITE,READ write # # # Record all logins # # ExtendedLog /var/spool/syslog/proftpd/auth.log AUTH auth # # Paranoia logging level.... # ##ExtendedLog /var/spool/syslog/proftpd/paranoid.log ALL default

　　# # Deny writing to the base server... #

　　DenyAll

　　# -------------------------------------------- # Virtual Servers start here.... # # (Note: this is normally auto generated by a # script written in house). # -------------------------------------------- # # ewftp.ewserver.com. # This is the default server # Gets all the connections for www.{customer.domain}, #

　　ServerAdmin admin@ewserver.com ServerName "ewMaster FTPserver" MaxLoginAttempts 2 RequireValidShell no # TransferLog /var/spool/syslog/proftpd/xferlog.www MaxClients 50 DefaultServer on #DefaultRoot ~ !staff DefaultRoot /app/ftpdir AllowOverwrite yes

　　# # No quickly do we kick someone out # TimeoutLogin 120 TimeoutIdle 600 TimeoutNoTransfer 900

　　DenyAll

　　User ftp Group ftp UserAlias anonymous ftp

　　AllowAll

　　DenyAll

　　# --------------------------------------------

　　# --------------------------------------------

　　# # Block them from doing anything other than reading... # #

　　AllowAll

　　FLOATBOAT TOLD ME THIS BELOW,BUT DIDN'T WORK: 修改proftpd.conf，添加DefaultRoot ~ groupname 其中groupname为用户组的名，如添加一个新的用户username，和一个新的组groupname，要将username限制在其主目录内只需要添加上面所说的那条语句到proftpd.conf中即可。切记修改完之后要重新启动proftpd