On the road again

This article shows how to install an FTP server on Debian-like systems that restricts each user to their own directory.

We'll use vsftpd as the FTP server.

Installation:

apt-get install vsftpd

Backup configuration file:

cp /etc/vsftpd.conf /etc/vsftpd.conf_bkp

Configuration:

Create a test user with a home directory, e.g. /var/www/ltion. We need to set special permissions on it, since vsftpd uses chroot to confine an FTP user to the home directory. FTP is generally more secure when users are restricted to a specific directory. vsftpd accomplishes this with chroot jails. When chroot is enabled for local users, they are restricted to their home directory by default. However, because of the way vsftpd secures the directory, it must not be writable by the user. This is fine for a new user who should only connect via FTP, but an existing user may need to write to their home folder if they also need shell access.
In this example, "/var/www/ltion" will serve as the chroot directory, and a writable "/var/www/ltion/site" directory will hold the actual files.

chown nobody:nogroup /var/www/ltion

mkdir /var/www/ltion/site

chown ltion:www-data /var/www/ltion/site

Example of /etc/vsftpd.conf:

listen=YES
listen_ipv6=NO
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=002
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO

The "userlist" directives allow only users listed in userlist_file to connect to the FTP server.

It is also a good idea to prevent local users who should only use FTP from logging in to a shell. For this we can create a special shell:

cat /bin/ftponly
#!/bin/bash
echo "This account is limited to FTP access only."

chmod a+x /bin/ftponly

After this you need to add the custom shell to /etc/shells and set it as the default shell for the user:

sudo usermod ltion -s /bin/ftponly

After all configuration is done, you need to (re)start the FTP server:
systemctl restart vsftpd

Check that server listens on port 21:
netstat -antpu | grep 21
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      20623/vsftpd
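
A post-install check for the setup above, added here as an example and not part of the original article: it compares the four access-control directives with the values in the sample vsftpd.conf and tests whether a chroot root is writable by a given account. The function names are made up for this example, and GNU stat (as shipped on Debian) is assumed.

```shell
#!/bin/sh
# Added example (not from the article): audit a vsftpd setup against its settings.

# Print the last value assigned to KEY in FILE (vsftpd syntax is KEY=VALUE, no spaces).
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# Compare the access-control directives with the values used in the article.
# Prints one line per mismatch; the exit status is the number of mismatches.
audit_vsftpd_conf() {
    conf=$1; findings=0
    for want in anonymous_enable=NO chroot_local_user=YES \
                userlist_enable=YES userlist_deny=NO; do
        key=${want%%=*}
        got=$(conf_get "$conf" "$key")
        if [ "$got" != "${want#*=}" ]; then
            echo "MISMATCH $key: expected ${want#*=}, found ${got:-<unset>}"
            findings=$((findings + 1))
        fi
    done
    return "$findings"
}

# Succeed (status 0) when DIR is writable by the account with numeric UID,
# judging by the owner and "other" permission bits only (group bits are not checked).
chroot_root_writable_by() {
    dir=$1; uid=$2
    owner=$(stat -c %u "$dir")          # GNU stat
    mode=$((0$(stat -c %a "$dir")))     # leading 0 makes the value octal
    [ "$owner" = "$uid" ] && [ $((mode & 0200)) -ne 0 ] && return 0
    [ $((mode & 0002)) -ne 0 ] && return 0
    return 1
}

# Constructed sample: userlist_deny left at YES, which turns the userlist
# file into a deny list instead of an allow list.
sample=$(mktemp)
printf '%s\n' anonymous_enable=NO chroot_local_user=YES \
    userlist_enable=YES userlist_deny=YES > "$sample"
audit_vsftpd_conf "$sample" || echo "findings: $?"
rm -f "$sample"
```

On the server itself, run `audit_vsftpd_conf /etc/vsftpd.conf` and `chroot_root_writable_by /var/www/ltion "$(id -u ltion)"`; the second command should fail (non-zero status) when the chroot root is set up as described.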