Install the proftpd packageTo install it on your Debian 5 server the following command from the command line:
sodu apt-get install proftpd-basic
Error: Couldn't find packageIf you run into this error message:
Reading package lists... Done Building dependency tree Reading state information... Done E: Couldn't find package proftpd-basicMake sure your sources.list file contains all the necessary source locations.
The sources.list can be found in Debian 5 at /etc/apt/sources.list.
Here are the entries my sources.list contains:
## main & security repositories deb http://ftp.us.debian.org/debian/ lenny main contrib non-free deb-src http://ftp.us.debian.org/debian/ lenny main contrib non-free deb http://security.debian.org/ lenny/updates main contrib non-free deb-src http://security.debian.org/ lenny/updates main contrib non-free
Here is a great source list creater tool to fix or update your sources.list in case you don't have the original one anymore.
After saving any changes to the sources.list run the:
apt-get updatecommand to update the package list. Now run the install command again.
Run as standaloneWhen the proftpd installation started successfully you get asked if you want to run the ftp-server under inetd or standalone. Selecting standalone that seems to cause the fewest problem to get the FTP server actually running. You can change this setting later in the proftpd.conf file mentioned below under ServerType.
Create a virtual FTP user and give him access to /var/www
Create a folder for the virtual user
sudo mkdir -p /home/webadmin
Set proftpd user as owner of folderThe proftpd's default user is named proftpd if you didn't changed. Make him the owner of the folder:
sudo chown -R proftpd:nogroup /home/webadmin
Get user proftpd's uid and pid
sudo grep ftp /etc/passwdLooks like:
Create the virtual FTP user
sudo ftpasswd --passwd --name=webadmin --uid=106 --gid=65534 --home=/home/webadmin --shell=/bin/false --file=/etc/proftpd/passwdResponse in the CLI:
ftpasswd: using alternate file: /etc/proftpd/passwd ftpasswd: creating passwd entry for user webadmin ftpasswd: /bin/false is not among the valid system shells. Use of ftpasswd: "RequireValidShell off" may be required, and the PAM ftpasswd: module configuration may need to be adjusted. Password: Re-type password:After the password was re-typed it says:
ftpasswd: entry created
Install PAMThen I installed PAM but I am not sure if this is really necessary:
apt-get install libpam-pwdfile
Setup the config fileNow we have to change the proftpd config file:
nano /etc/proftpd/proftpd.confFollowing stuff should be in the file:
DefaultRoot ~ RequireValidShell off AuthUserFile /etc/proftpd/passwd # VALID LOGINS <Limit LOGIN> AllowUser webadmin DenyALL </Limit> <Directory /home/webadmin> <Limit ALL> DenyAll </Limit> <Limit DIRS READ WRITE> AllowUser webadmin </Limit> </Directory>
Don't forget to restart the proftpd - daemon
/etc/init.d/proftpd restartIf you didn't change anything that was in there after the fresh install, this should be sufficient.
Give the FTP user access to /var/www directoryIf you want to give this user access to any other directory like /var/www where normally the websites of the Apache2 server are located. You can mount the folder into the /home/webadmin folder.
These are the steps.
Create a new folder:
mkdir /home/webadmin/wwwMount the desired folder to the new folder:
sudo mount --bind -r /var/www /home/webadmin/wwwNow you can login to the FTP server from any client computer by using a FTP client like FileZilla for example.
Regulate the access to read access, rather than write accessWith this setup a user has read and write access to anything under /home/webadmin. To only give read permission you could change the setting in the config file to:
<Directory /home/webadmin> <Limit ALL> DenyAll </Limit> <Limit DIRS READ> AllowUser webadmin </Limit> </Directory>