zeldor.biz

Linux, programming and more

ProFTPD howto

by Leave a Comment


Had to setup an FTP server, guides that I found elsewhere didn’t do exactly what I want. So it took some trial and error to achieve the setup that I needed.

My objectives:

✓ Be able to create virtual users without having to create a system account for every user.
✓ Set individually permissions and groups for each virtual user
✓ FTP users should be “chrooted”
✓ Of course R/W access

1

aptitude update ; aptitue install proftpd

Virtual user configuration:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

# Virtual user login
DefaultRoot ~
AuthUserFile /etc/proftpd/ftpd.passwd
AuthPAM off
RequireValidShell off
 
# DNS resolv
UseReverseDNS off
IdentLookups off
 
# Hide proftpd version
ServerIdent off
 
# Other
ShowSymlinks    on
 
# Faking
<directory var="" www="" vhosts="" example.com="">
   DirFakeUser              on www-data
   DirFakeGroup             on www-data
</directory>
 
<directory var="" www="" vhosts="" example.biz="">
   DirFakeUser              on www-data
   DirFakeGroup             on www-data
</directory>

Cerate virtual user:

1
2

cd /etc/proftpd/
ftpasswd --passwd --name ftpuser01 --uid 1001 --gid=1001 --home /var/www/vhosts/example.com/ --shell /bin/false

System user configuration:

1
2
3
4
5

DefaultRoot     ~
RequireValidShell off
ShowSymlinks            off
RootLogin           off
UseFtpUsers off

Add system user:

1

useradd -c "ftpuser01" -u 33 -o -g 33 -d "/var/www/" -s /bin/sh "ftpuser01"

33 is www-data Group

Change Password:

1

ftpasswd --change-password --passwd --name=ftpuser01

Before you restart proftpd, you should make a syntax check:

1

proftpd -td5

Alternative you can use Group File:

1

AuthGroupFile /etc/proftpd/ftpd.group

Create Group and add user to it:

1

ftpasswd --group --name=ftpmember --gid=5000 --member=ftpuser01


Another kind of permissions:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

<directory var="" ftp="" user1="" read="">
     	 	<limit all="">
        DenyAll
    </limit>
     	 	<limit dirs="" read="">
        AllowUser user1
    </limit>
</directory>
<directory var="" ftp="" user1="" write="">
     	 	<limit all="">
        DenyAll
    </limit>
     	 	<limit dirs="" read="" write="">
        AllowUser user1
    </limit>
</directory>