Background:
I have downloaded the tarball for vsftpd-1.2.0 and I have installed it.
I have installed this on a Redhat 9 machine which I use as a firewall on a cable connection via iptables. I have external(incoming) ftp shutdown, however I wish to use this machine as a repository for all web developement. I do my developement on an internal WIN2000 machine. I use HTMLKit in which I can set up a directory on the firewall so all files are kept and created there thus I need an ftp server on the firewall. I can then ftp my files from the firewall up to my web host.

Incase sometime in the future I open ftp incoming to the firewall via iptables, I want to make sure I do it in a fashion that I can control exactly who I let upload and download from this machine, so I would like to set it up from the start with this in mind even though I will only be connecting to it from inside my LAN presently.

Not new to Linux but still much,,,, very much to learn.
I have been reading the Manpage of VSFTPD.CONF at http://vsftpd.beasts.org/vsftpd_conf.html

From what I have read I have changed my vsftpd.conf file so that I have the following settings:

annonymous_enable=NO
local_enable=NO

everything else was left the way it came from the tarball, so what my first question is:



Question:
Should I use the chroot_list_enable and chroot_list_file settings(which I'm not real clear on how these work), or use the userlist_enable, userlist_deny, with userlist_file.

If I understand correctly the chroot_ is for the current users accounts on my firewall machine (which I have disabled) and the userlist_ allows me to have specific users that can ftp up or down, but are these also account users?


Please forgive me if I have not read enough to find out what the difference is between the two are somewhere on the website, but I have not found this information yet and I could not find it in the plug-discuss archives back to Jan 1 2003.

Steve