A simple to use and very popular FTP server is proftpd basic. This article covers how to install this FTP server, create a user that only has access via FTP, and give that user access to a desired directory such as /var/www. Although this might work for any kind of Linux like Red Hat, Ubuntu, SUSE etc., the instructions were tested on the Linux distribution Debian 5 Lenny.
Install proftpd
Install the proftpd package
To install it on your Debian 5 server, run the following command from the command line:
sudo apt-get install proftpd-basic
Error: Couldn't find package
If you run into this error message:
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package proftpd-basic
Make sure your sources.list file contains all the necessary source locations.
The sources.list can be found in Debian 5 at /etc/apt/sources.list.
Here are the entries my sources.list contains:
## main & security repositories
deb http://ftp.us.debian.org/debian/ lenny main contrib non-free
deb-src http://ftp.us.debian.org/debian/ lenny main contrib non-free
deb http://security.debian.org/ lenny/updates main contrib non-free
deb-src http://security.debian.org/ lenny/updates main contrib non-free
Here is a great source list creator tool to fix or update your sources.list in case you don't have the original one anymore.
Important!
After saving any changes to the sources.list, run the following command to update the package list:
apt-get update
Now run the install command again.
Run as standalone
Once the proftpd installation has started successfully, you are asked whether you want to run the FTP server under inetd or standalone. Select standalone, which seems to cause the fewest problems in getting the FTP server actually running. You can change this setting later in the proftpd.conf file mentioned below, under ServerType.
Create a virtual FTP user and give him access to /var/www
Create a folder for the virtual user
sudo mkdir -p /home/webadmin
Set proftpd user as owner of folder
The default proftpd user is named proftpd, unless you changed it. Make this user the owner of the folder:
sudo chown -R proftpd:nogroup /home/webadmin
Get user proftpd's uid and gid
sudo grep ftp /etc/passwd
The output looks like:
proftpd:x:106:65534::/var/run/proftpd:/bin/false
Create the virtual FTP user
sudo ftpasswd --passwd --name=webadmin --uid=106 --gid=65534 --home=/home/webadmin --shell=/bin/false --file=/etc/proftpd/passwd
Response in the CLI:
ftpasswd: using alternate file: /etc/proftpd/passwd
ftpasswd: creating passwd entry for user webadmin
ftpasswd: /bin/false is not among the valid system shells. Use of
ftpasswd: "RequireValidShell off" may be required, and the PAM
ftpasswd: module configuration may need to be adjusted.
Password:
Re-type password:
After the password was re-typed it says:
ftpasswd: entry created
Install PAM
Then I installed PAM but I am not sure if this is really necessary:
apt-get install libpam-pwdfile
Setup the config file
Now we have to change the proftpd config file:
nano /etc/proftpd/proftpd.conf
The following directives should be in the file:
DefaultRoot ~
RequireValidShell off
AuthUserFile /etc/proftpd/passwd
# VALID LOGINS
<Limit LOGIN>
  AllowUser webadmin
  DenyAll
</Limit>
<Directory /home/webadmin>
  <Limit ALL>
    DenyAll
  </Limit>
  <Limit DIRS READ WRITE>
    AllowUser webadmin
  </Limit>
</Directory>
Don't forget to restart the proftpd daemon:
/etc/init.d/proftpd restart
If you didn't change anything that was in there after the fresh install, this should be sufficient.
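The following is an added example, not part of the original article: a small shell function that sanity-checks the AuthUserFile created with ftpasswd above, since with DefaultRoot ~ each entry's home directory becomes that user's jail. The function names, the set of checks and the sample entries (with placeholder hashes) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a ProFTPD AuthUserFile read from stdin.
# Entry layout (passwd(5) style): name:hash:uid:gid:gecos:home:shell
audit_authuserfile() {
    while IFS=: read -r name hash uid gid gecos home shell || [ -n "$name" ]; do
        case $name in ''|'#'*) continue ;; esac   # skip blanks and comments

        # An empty hash field means there is no password to check against.
        [ -n "$hash" ] || echo "$name: empty password field"

        # Virtual users should map to an unprivileged numeric uid/gid, like
        # the proftpd account (106:65534) used in the article.
        case $uid in
            ''|*[!0-9]*) echo "$name: uid is not numeric" ;;
            *) if [ "$uid" -eq 0 ]; then echo "$name: uid 0 maps the FTP user to root"; fi ;;
        esac
        case $gid in
            ''|*[!0-9]*) echo "$name: gid is not numeric" ;;
            *) if [ "$gid" -eq 0 ]; then echo "$name: gid 0 maps the FTP user to the root group"; fi ;;
        esac

        # With "DefaultRoot ~" the home directory is the jail, so it must be
        # an absolute path and must not be the filesystem root.
        case $home in
            /)  echo "$name: home is /, DefaultRoot ~ would expose the whole filesystem" ;;
            /*) ;;
            *)  echo "$name: home is not an absolute path" ;;
        esac
    done
    return 0
}

# Constructed sample entries; the hashes are placeholders, not real ones.
sample_authuserfile() {
    cat <<'EOF'
webadmin:$1$CONSTRUCTED$placeholder:106:65534::/home/webadmin:/bin/false
backup::106:65534::/home/backup:/bin/false
admin:$1$CONSTRUCTED$placeholder:0:0::/:/bin/false
EOF
}

# Demo on the sample. On the server: audit_authuserfile < /etc/proftpd/passwd
sample_authuserfile | audit_authuserfile
```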
Give the FTP user access to /var/www directory
If you want to give this user access to another directory such as /var/www, where the websites of the Apache2 server are normally located, you can mount that folder into the /home/webadmin folder.
These are the steps:
Create a new folder:
mkdir /home/webadmin/www
Mount the desired folder to the new folder:
sudo mount --bind -r /var/www /home/webadmin/www
Now you can log in to the FTP server from any client computer using an FTP client such as FileZilla.
Restrict access to read-only rather than read and write
With this setup a user has read and write access to anything under /home/webadmin. To give only read permission, you could change the setting in the config file to:
<Directory /home/webadmin>
  <Limit ALL>
    DenyAll
  </Limit>
  <Limit DIRS READ>
    AllowUser webadmin
  </Limit>
</Directory>