At a previous site where I worked we wanted to do this same thing. Using
the wu-ftpd this is fairly simple. I do not know if this is a general
trait of other ftpd's.
To have a real user be treated like an anonymous user (chrooted environment)
during ftp do the following:
1) Add a guestgroup entry to the ftpaccess file (in the ftpd library
directory, wherever that is on your system, probably /usr/local/lib/ftpd,
/usr/lib/ftpd or something like that). The format of the entry is
This tells ftpd to treat any users who are members of the group ftponly
as anonymous users and do a chroot when they use ftp.
2) add the ftponly group to /etc/group and add the user to that group
3) modify the user's /etc/passwd entry as necessary.
* If you only want them to have ftp access (no login) set the shell
to some restricted shell that doesn't allow logins
(/etc/ftponly,/bin/nologin,/bin/false, whatever your site uses).
* The home directory field of the passwd entry specifies the
new / directory after the chroot and the user's initial directory
relative to the new /. So if you have a real user with a home
directory /usr/usra/jquser and you don't want him/her to be able
to see above the /usr/usra level in ftp, set the directory field
of the passwd file to: /usr/usra/./jquser This will put the
user in his/her own directory when ftping to your site and that
directory will look to him/her like /jquser.
If you don't want them to be able to see anything above their own
directory, set the passwd field to: /usr/usra/jquser/ and their
home directory will look like / when they ftp to your site.
See the man page for ftpaccess for more information.
If you have any other questions feel free to write to me at the address
below. The address in the header of this post is temporary at best. The
one below is more permanent.
roaming UNIX Sysadmin and Computational Chemist