SSH-created FTP accounts
Only the root superuser is accessible on the server. FTP connections as root are not permitted, because FTP transmits the password unencrypted. If you want to create a new FTP user manually and you don't have an ISPmanager control panel on the server, follow these steps:
Install proftpd (skip this step if it is already installed), using apt-get on Debian or Ubuntu and yum on CentOS:
apt-get install proftpd
yum install proftpd
If the server does not start automatically, start it with this command:
service proftpd start
Restricting FTP users to the home directory
This page assumes the default ProFTPd setup, in which a user may browse directories beyond their home directory, even if they probably do not have permission to do so. If the server is not appropriately configured, this could represent a security issue. This problem may be solved by adding the following line to your proftpd.conf file:
You can add it at the end of the file. Restart the FTP server after saving:
service proftpd restart
Create a new FTP account
Shell access is not required for normal FTP users. Run the following command before creating new users:
echo '/bin/false' >> /etc/shells
Create the user with this command:
useradd username -d /home/folder_name -m -s /bin/false
Use a free (unused) name in place of username; a corresponding group is assigned and created along with it. If the directory already exists, omit the -m option. The command sets /home/folder_name as the home directory and /bin/false as the user's shell, which effectively disables shell access for security.
Next, set the password the user needs with passwd.
Access to the shell
If you wish to grant the user shell access, specify the path to an existing shell instead of /bin/false, for example:
/bin/sh or /bin/bash
Users do not need shell access to use the standard FTP protocol, so it is best not to grant it.
Depending on your OS version, the proftpd.conf configuration file may be located in one of the following locations:
- Debian: /etc/proftpd/proftpd.conf
- CentOS: /etc/proftpd.conf
- Ubuntu: /etc/proftpd.conf
FTP user privilege restrictions
You can, for example, remove a user's write access to their home directory and keep it only for selected subfolders, such as upload:
Change the permissions as root:
chmod 555 /home/folder_name
chown username:username /home/folder_name/upload
The second username in the chown command is the group name, which by default is the same as the username you created.
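The script below is an added example, not part of the original page: it audits an account against the steps above (jail directive, /bin/false shell listed in the shells file, mode 555 home, user-owned upload folder). It assumes the proftpd.conf line the page refers to is ProFTPD's DefaultRoot directive and that GNU stat is available; the function names are illustrative.

```shell
#!/bin/sh
# Added example: audits an FTP-only account against the steps on this page.
# ASSUMPTION: the jail directive is ProFTPD's DefaultRoot (the page omits the line).
# File paths are parameters, so the checks can also be run against copies.
# Typical call as root (Debian path from the page):
#   audit_ftp_user /etc/proftpd/proftpd.conf /etc/passwd /etc/shells username

# Succeeds if the config contains an active (uncommented) DefaultRoot directive.
has_default_root() {
    grep -Eq '^[[:space:]]*DefaultRoot[[:space:]]+[^[:space:]]' "$1"
}

# Prints field $3 of user $2 from passwd-format file $1 (3=uid, 6=home, 7=shell).
passwd_field() {
    awk -F: -v u="$2" -v f="$3" '$1 == u { print $f }' "$1"
}

# audit_ftp_user <proftpd.conf> <passwd file> <shells file> <username>
# Prints one line per finding; returns the number of findings (0 = matches the page).
audit_ftp_user() {
    conf=$1 passwd=$2 shells=$3 user=$4 findings=0
    note() { echo "FINDING: $1"; findings=$((findings + 1)); }

    home=$(passwd_field "$passwd" "$user" 6)
    if [ -z "$home" ]; then note "no such user: $user"; return "$findings"; fi
    uid=$(passwd_field "$passwd" "$user" 3)

    has_default_root "$conf" || note "no DefaultRoot in $conf: users can leave their home"
    [ "$(passwd_field "$passwd" "$user" 7)" = "/bin/false" ] ||
        note "$user has a real login shell"
    grep -qx '/bin/false' "$shells" || note "/bin/false is not listed in $shells"
    [ "$(stat -c '%a' "$home")" = "555" ] || note "$home is not mode 555"
    [ "$(stat -c '%u' "$home/upload" 2>/dev/null)" = "$uid" ] ||
        note "$home/upload is missing or not owned by $user"
    return "$findings"
}
```

A commented-out `# DefaultRoot ~` line counts as a finding, which is the case most easily missed when reading the file by eye.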