6

I have a CentOS server running PureFTPd with multiple virtual users mapping to a single system user. Each of these virtual users gets chrooted to a directory corresponding to their username. The directory tree is:

  • /ftp_accounts
    • /virtual_user_1
    • /virtual_user_2
    • ...
    • /virtual_user_N

Only one of these FTP virtual users (let's call him "master_virtual_user") is chrooted to the main ftp_accounts directory, allowing access to all sub-folders.

For this specific "master_virtual_user", I would like to prevent the deletion of only the virtual_user_* folders, but still maintain full read-write access to everything else in this directory tree.

Given that all of these FTP virtual users are mapping to the same system user, is there any way to achieve this?

masegaloeh
Ralph

2 Answers

5

It would be nice if you could use the immutable flag on directories, but you can cheat by making a file in that directory that is immutable. So touch virtual_user_X/.immutable then chattr +i virtual_user_X/.immutable. For example:

[root@hellonurse ~]# cd /root
[root@hellonurse ~]# mkdir z
[root@hellonurse ~]# cd z
[root@hellonurse z]# touch .i
[root@hellonurse z]# chattr +i .i
[root@hellonurse z]# cd ..
[root@hellonurse ~]# rm  -rf z
rm: cannot remove ‘z/.i’: Operation not permitted
[root@hellonurse ~]# chattr -i z/.i
[root@hellonurse ~]# rm  -rf z
[root@hellonurse ~]# ls z
ls: cannot access z: No such file or directory
Xavier Lucas
chicks
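The immutable-sentinel approach from the answer above, applied to every virtual_user_* folder with an audit step for folders created later. This is an added example, not code from the answer; the function names and the FTP_BASE variable are hypothetical, and the sentinel name .immutable is taken from the answer.

```bash
#!/usr/bin/env bash
# Added example (not from the answer): lock a sentinel file inside every
# virtual_user_* folder and audit for folders that lack one.
# Assumptions: sentinel name ".immutable" as in the answer; the function
# names and the FTP_BASE variable are hypothetical. chattr needs root.

SENTINEL=".immutable"

# Create the sentinel where missing and set the immutable flag on it.
protect_accounts() {
    local base="$1" dir file
    for dir in "$base"/virtual_user_*/; do
        [ -d "$dir" ] || continue               # glob matched nothing
        file="${dir}${SENTINEL}"
        # touch fails on an already-locked sentinel, so only create missing ones.
        [ -e "$file" ] || touch "$file" || return 1
        chattr +i "$file" || return 1
        echo "protected ${dir%/}"
    done
}

# Print every account folder whose sentinel is missing or not immutable.
# Returns 0 when all folders are protected, 1 otherwise.
audit_accounts() {
    local base="$1" dir flags missing=0
    for dir in "$base"/virtual_user_*/; do
        [ -d "$dir" ] || continue
        # First lsattr column holds the flag letters; "i" means immutable.
        flags=$(lsattr -d "${dir}${SENTINEL}" 2>/dev/null | awk '{print $1}')
        case "$flags" in
            *i*) ;;                             # sentinel present and locked
            *)   echo "${dir%/}"; missing=1 ;;
        esac
    done
    return "$missing"
}

# Run as root with FTP_BASE=/ftp_accounts to apply and then audit.
if [ -n "${FTP_BASE:-}" ]; then
    protect_accounts "$FTP_BASE" && audit_accounts "$FTP_BASE"
fi
```

The sentinel blocks removal only because the folder can never be emptied; it does not stop the folder from being renamed, and every other file inside it stays deletable. Folders created after the last run are unprotected until protect_accounts runs again, which is what the audit function reports.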
3

Take away write permissions for that user using file system access control lists (ACL) - setfacl command.

setfacl -m u:master_virtual_user:r-x virtual_user_*

Daniel t.