SSH-created FTP accounts

Only the root superuser account is available on the server. FTP connections as root are not permitted (FTP sends the password unencrypted). If you want to create a new ftp user manually and do not have the ISPmanager control panel on the server, follow these steps:

Install proftpd (skip this step if it is already installed):

Debian/Ubuntu

apt-get install proftpd 

CentOS

yum install proftpd 

Use this command if the server does not start automatically:

service proftpd start  

Restricting ftp users to their home directory

This page assumes the default ProFTPd setup, in which a user can browse directories outside his home directory, even if he probably has no permissions there. If the server is not configured appropriately, this can be a security issue. To fix it, add the following line to your proftpd.conf file:

DefaultRoot ~ 

You can add it at the end of the file. Restart the ftp server after saving:

service proftpd restart  

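Create a new ftp account

Normal ftp users do not need shell access. Before creating new users, run the following command. It adds /bin/false to the list of valid shells in /etc/shells; by default ProFTPd refuses logins from users whose shell is not listed there: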

echo '/bin/false' >> /etc/shells  

Create the user with these commands:

useradd username -d /home/folder_name -m -s /bin/false  

passwd username  

Replace username with a name that is not yet in use; the user and a matching group are created. If the directory already exists, omit the -m option. /home/folder_name is set as the home directory and /bin/false as the user's shell, which effectively disables shell access for security reasons.

The passwd command sets the password for the new user.

Access to the shell

If you wish to grant the user shell access, specify the path to an existing shell instead of /bin/false, for example:

/bin/sh or /bin/bash

Users do not need shell access to use the standard ftp protocol, so it is best not to grant it.

Location of proftpd.conf

Depending on your OS, the proftpd.conf configuration file is in one of the following locations:

  • Debian: /etc/proftpd/proftpd.conf
  • CentOS: /etc/proftpd.conf
  • Ubuntu: /etc/proftpd.conf

Restricting ftp user privileges

You can, for example, remove a user's write permission on the home directory itself and leave it only on selected subfolders, such as upload:

Change the permissions as root:

chmod 555 /home/folder_name

mkdir /home/folder_name/upload

chown username:username /home/folder_name/upload

The second username in username:username is the group name, which by default is the same as the username you created.
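
A way to verify the result of the steps on this page, as an added example that is not part of the original article. The function names are made up for this sketch, and the file paths are passed as arguments so the checks can also be run against copies of the files.

```shell
#!/bin/sh
# Added example: audit an ftp account created with the steps on this page.
# Usage (as root), with the page's placeholder names:
#   audit_ftp_user /etc/proftpd/proftpd.conf /etc/shells /etc/passwd username /home/folder_name

# Succeeds if an uncommented "DefaultRoot ~" line is present in the config.
# A line such as "DefaultRoot ~ !staff" (with a group expression) also matches.
check_default_root() {
    grep -Eq '^[[:space:]]*DefaultRoot[[:space:]]+~([[:space:]]|$)' "$1"
}

# Succeeds if /bin/false is listed as a valid shell.
check_shell_listed() {
    grep -qx '/bin/false' "$1"
}

# Prints the login shell (7th passwd field) of the given user.
user_shell() {
    awk -F: -v u="$2" '$1 == u { print $7 }' "$1"
}

# Prints the octal permission bits of a directory (GNU stat, then BSD stat).
dir_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_ftp_user CONF SHELLS PASSWD USER HOME
# Prints one line per failed check and returns the number of failures.
audit_ftp_user() {
    conf=$1 shells=$2 passwd=$3 user=$4 home=$5 fails=0
    check_default_root "$conf" ||
        { echo "FAIL: no DefaultRoot ~ in $conf"; fails=$((fails + 1)); }
    check_shell_listed "$shells" ||
        { echo "FAIL: /bin/false not listed in $shells"; fails=$((fails + 1)); }
    [ "$(user_shell "$passwd" "$user")" = "/bin/false" ] ||
        { echo "FAIL: shell of $user is not /bin/false"; fails=$((fails + 1)); }
    [ "$(dir_mode "$home")" = "555" ] ||
        { echo "FAIL: $home is not mode 555"; fails=$((fails + 1)); }
    [ -d "$home/upload" ] ||
        { echo "FAIL: $home/upload does not exist"; fails=$((fails + 1)); }
    return "$fails"
}
```

A return value of 0 means every check passed; each failed check prints its own line, so the output shows which step of the setup still needs attention.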
