I had to set up an FTP server, and the guides I found elsewhere didn't do exactly what I wanted, so it took some trial and error to achieve the setup that I needed.
My objectives:
✓ Be able to create virtual users without having to create a system account for every user.
✓ Set permissions and groups individually for each virtual user
✓ FTP users should be “chrooted”
✓ Of course R/W access
    aptitude update ; aptitude install proftpd
Virtual user configuration:
    # Virtual user login
    DefaultRoot ~
    AuthUserFile /etc/proftpd/ftpd.passwd
    AuthPAM off
    RequireValidShell off

    # DNS resolution
    UseReverseDNS off
    IdentLookups off

    # Hide proftpd version
    ServerIdent off

    # Other
    ShowSymlinks on

    # Faking
    <Directory /var/www/vhosts/example.com>
        DirFakeUser on www-data
        DirFakeGroup on www-data
    </Directory>

    <Directory /var/www/vhosts/example.biz>
        DirFakeUser on www-data
        DirFakeGroup on www-data
    </Directory>
Create virtual user:

    cd /etc/proftpd/
    ftpasswd --passwd --name ftpuser01 --uid 1001 --gid=1001 --home /var/www/vhosts/example.com/ --shell /bin/false
System user configuration:
    DefaultRoot ~
    RequireValidShell off
    ShowSymlinks off
    RootLogin off
    UseFtpUsers off
Add system user:
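    useradd -c "ftpuser01" -u 33 -o -g 33 -d "/var/www/" -s /bin/sh "ftpuser01"

33 is the ID of the www-data group (and, on Debian, of the www-data user as well, which is why -o is needed to allow the duplicate UID).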
Change Password:
    ftpasswd --change-password --passwd --name=ftpuser01
Before you restart proftpd, you should run a syntax check:

    proftpd -td5
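Alongside the syntax check, the AuthUserFile itself can be checked before a restart, since with DefaultRoot ~ each entry's home directory is that user's jail. The script below is an added example, not part of the original setup: the function name audit_ftpd_passwd is hypothetical, the base directory /var/www/vhosts is taken from the examples above, and the sample entries are constructed.

```shell
#!/bin/sh
# Added example: audit a ProFTPD AuthUserFile (passwd-style, as written by ftpasswd).
# Usage: audit_ftpd_passwd FILE BASE
# Prints one finding per line and returns 1 if there are any. BASE is the
# directory that every virtual home (the DefaultRoot ~ jail) must sit below.
audit_ftpd_passwd() {
    file=$1
    base=${2%/}
    findings=$(
        # A world-readable file exposes every password hash to local users.
        [ -n "$(find "$file" -prune -perm -004)" ] && echo "FILE: $file is world-readable"
        awk -F: -v base="$base" '
            /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
            NF != 7 { print "line " NR ": expected 7 fields, got " NF; next }
            {
                name = $1; hash = $2; uid = $3; gid = $4; home = $6
                if (hash == "")           print name ": empty password field"
                else if (hash !~ /^\$/)   print name ": legacy DES crypt hash (no $id$ prefix)"
                else if (hash ~ /^\$1\$/) print name ": MD5 crypt hash"
                if (uid == 0 || gid == 0) print name ": mapped to UID/GID 0"
                sub(/\/+$/, "", home)     # ignore trailing slashes
                # The home is the chroot: reject "..", paths outside BASE, and BASE itself.
                if (home ~ /(^|\/)\.\.(\/|$)/ || index(home "/", base "/") != 1 || home == base)
                    print name ": home " $6 " is not a subdirectory of " base
            }' "$file"
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample entries (hashes are placeholders, not real credentials).
sample=$(mktemp)
chmod 600 "$sample"
cat > "$sample" <<'EOF'
ftpuser01:$6$saltsalt$placeholderhash:1001:1001::/var/www/vhosts/example.com/:/bin/false
ftpuser02:$1$saltsalt$placeholderhash:1002:1002::/var/www/vhosts/:/bin/false
ftpuser03:$6$saltsalt$placeholderhash:0:1003::/var/www/vhosts/../../etc:/bin/false
EOF
audit_ftpd_passwd "$sample" /var/www/vhosts || echo "review the entries above"
rm -f "$sample"
```

On the real system the call would be audit_ftpd_passwd /etc/proftpd/ftpd.passwd /var/www/vhosts, run before the restart.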
Alternatively, you can use a group file:

    AuthGroupFile /etc/proftpd/ftpd.group
Create a group and add a user to it:

    ftpasswd --group --name=ftpmember --gid=5000 --member=ftpuser01
Another kind of permissions:

    <Directory /var/ftp/user1/read>
        <Limit ALL>
            DenyAll
        </Limit>
        <Limit DIRS READ>
            AllowUser user1
        </Limit>
    </Directory>

    <Directory /var/ftp/user1/write>
        <Limit ALL>
            DenyAll
        </Limit>
        <Limit DIRS READ WRITE>
            AllowUser user1
        </Limit>
    </Directory>