Disable Delete Permission Vsftpd For Specific User


In this article, we will see how to disable or remove the delete permission for a specific vsftpd user. This is an important configuration that protects you from sudden deletion of files.

We faced this issue and wanted to disable the remove/delete permission for a specific user. After long hours of searching on Google, we did not find any solution. When we dug into the vsftpd man pages, we came to know about this solution. After successful testing, I have shared this on techthings.

If you have not installed vsftpd on the system yet, follow my previous guides on VSFTPD installation and configuration.

 

READ : Installation and configuration of FTP server on centos

READ : Install vsftpd using source code on any linux system

Let's go through the step-by-step configuration to disable delete permission for a vsftpd user.
"user_config_dir" is the powerful option that allows you to disable delete permission for an individual user.

Step 1: Create a vsftpd_user_conf directory

Create a "vsftpd_user_conf" directory under "/etc/vsftpd". This directory holds the per-user configuration files for vsftpd users.

$ mkdir -p /etc/vsftpd/vsftpd_user_conf

Step 2: Configuration file

Now create a configuration file for the vsftpd user, named after the username. Here I have created testuser on the system, so I have created a "testuser" file under "/etc/vsftpd/vsftpd_user_conf". This "testuser" file holds the entries that disable the delete/remove permission for that vsftpd user.

$ vim /etc/vsftpd/vsftpd_user_conf/testuser
##Disable delete commands
cmds_denied=DELE,RMD

Save and close the file.

Step 3: Add Configuration in Vsftpd.conf

Now open "vsftpd.conf" and add the entry below to the end of the file, then reload the vsftpd service.

$ vim /etc/vsftpd/vsftpd.conf

# If you don't want to give users access to /home/$USER, you can
# use the following parameters to set a different home directory
# local_root=/home/vsftpd/$USER
# user_sub_token=$USER

user_config_dir=/etc/vsftpd/vsftpd_user_conf

Reload Vsftpd Service:

$ /etc/init.d/vsftpd reload

Step 4: Test

Log in from the terminal as the FTP user and then try to delete a file with that user. You will get a "550 Permission denied." error.

root@staging:/etc/vsftpd/vsftpd_user_conf# ftp 192.168.4.202

Connected to 192.168.4.202.
220 (vsFTPd 3.0.2)
Name (192.168.4.202:root): testuser
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
200 PORT command successful. Consider using PASV.
150 Here comes the directory listing.
-rw-rw-r-- 1 1005 1004 8 Nov 03 17:52 zTJDsf6gasdasd.html
226 Directory send OK.
ftp> del zTJDsf6gasdasd.html
550 Permission denied.
ftp>
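A configuration check to run alongside the manual test above, as an added example that is not part of the original article: it resolves user_config_dir from vsftpd.conf and confirms that the per-user file denies both DELE and RMD. The function names conf_get and check_delete_denied are hypothetical, and the script assumes that the last occurrence of a setting is the one that applies.

```shell
#!/bin/sh
# Added example (not from the article): audit that a vsftpd per-user
# override file really denies DELE and RMD for a given user.
# Usage: sh check_delete_denied.sh /etc/vsftpd/vsftpd.conf testuser

# Print the value of KEY ($1) from FILE ($2). vsftpd expects "key=value"
# with no spaces around "=", so only that exact form is accepted here.
# Assumption: when a key is repeated, the last occurrence applies.
conf_get() {
    sed -n "s/^$1=//p" "$2" 2>/dev/null | tail -n 1
}

# check_delete_denied VSFTPD_CONF USERNAME
# Returns 0 if both DELE and RMD are denied, 1 otherwise (reason on stderr).
check_delete_denied() {
    main_conf=$1
    user=$2
    dir=$(conf_get user_config_dir "$main_conf")
    if [ -z "$dir" ]; then
        echo "user_config_dir is not set in $main_conf" >&2
        return 1
    fi
    user_file=$dir/$user
    if [ ! -f "$user_file" ]; then
        echo "no per-user file $user_file" >&2
        return 1
    fi
    # "cmds_denied = DELE,RMD" is not valid vsftpd syntax; flag it.
    if grep -Eq '^[[:space:]]*cmds_denied[[:space:]]+=|^cmds_denied=[[:space:]]' "$user_file"; then
        echo "whitespace around '=' in $user_file" >&2
        return 1
    fi
    denied=$(conf_get cmds_denied "$user_file")
    for cmd in DELE RMD; do
        case ",$denied," in
            *",$cmd,"*) ;;   # command is in the deny list
            *) echo "$cmd is not in cmds_denied for $user" >&2
               return 1 ;;
        esac
    done
    return 0
}

# Run the check only when called with both arguments.
if [ "$#" -eq 2 ]; then
    check_delete_denied "$1" "$2"
fi
```

The script only reads the configuration files, so it can run before the reload in step 3 to catch a missing or misspelled entry.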

That's it, now your files are protected.
I hope you like the article. If you find any difficulties, please post your queries or problems in the comment section. Till then, stay tuned to techthings.org for more such valuable articles.

You can also go through our previous article, which helps you to secure files.

 

READ : Permit access to files outside home directory for FTP user

 
