Sometimes we need to share files on our server while controlling permissions per user. This is especially common on web servers, where FTP is used to upload the files of the website hosted on the server.
We will use vsftpd, an FTP server for Unix-like systems, including Linux; its name is an acronym for Very Secure FTP Daemon. Compared to other FTP server programs, vsftpd is built to be especially effective and very safe.
Install vsftpd
sudo apt-get install vsftpd
Configuration
We will edit the vsftpd configuration file, taking into account the most important points.
nano /etc/vsftpd.conf
The parameters that we will modify:
- listen=YES : To start with the system.
- anonymous_enable=NO : We do not allow anonymous users to connect to our server, for security.
- local_enable=YES : Lets local users of the server where vsftpd is installed log in.
- write_enable=YES : Set this if you want users to be able to write, not just download.
- local_umask=022 : This mask means that every time you upload a file, its permissions are 755. It is the most typical in FTP servers.
- chroot_local_user=YES
- chroot_list_enable=YES : Together, these two control which local users can navigate through the entire directory tree of the server. Obviously we only want to allow this to certain users; for that we have the following parameter.
- chroot_list_file=/etc/vsftpd.chroot_list : The file listing the users who can navigate up through the server directories; normally this is the server administrator.
Create user group for FTP
In this case the users who will connect will not have access to the server via SSH. Therefore, we must give them special permissions.
sudo groupadd ftp
We create a ghost shell so they cannot enter the server console:
sudo mkdir /bin/ftp
We edit the list of shells of the system:
nano /etc/shells
We add our ghost shell:
/bin/ftp
User that will belong to the FTP group
We must create the user's folder on the server, which is where they will have access via FTP, and assign it the correct permissions.
mkdir /home/ftp/usuarioftp
chmod -R 777 /home/ftp/usuarioftp
We create the user that belongs to the FTP group
sudo useradd -g ftp -d /home/ftp/usuarioftp -c "Nombre del Usuario" usuarioftp
Let’s understand the parameters we use in the previous line:
- -g ftp = the user belongs to the ftp group.
- -d /home/ftp/usuarioftp = the user's home directory is /home/ftp/usuarioftp.
- -c "Nombre del Usuario" = the full name of the user.
- usuarioftp = the last word is the username.
We create the password for the user:
sudo passwd usuarioftp
Cage the user
This means that the user will not be able to climb up the directory hierarchy and will be confined to their own directory.
We look for our newly created user in:
nano /etc/passwd
We copy the line that can look something like this:
usuarioftp:x:1004:118:Nombre del Usuario:/home/ftp/usuarioftp:/bin/ftp
Then we paste it in the last line of this file:
nano /etc/vsftpd.chroot_list
Once all the changes have been made, we restart the FTP server:
/etc/init.d/vsftpd restart
We now have a functional FTP server with the appropriate privileges, so that users can store their files properly separated.
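To verify who is actually caged after these changes, the following added example (not part of the original post) evaluates the three chroot options the way the vsftpd.conf man page describes them. The function names conf_get, jail_status and demo are hypothetical, the sample files are constructed, and it assumes vsftpd matches a list entry only when the whole line equals the username.

```sh
#!/bin/sh
# Added example: would vsftpd chroot this local user? Per the vsftpd.conf man page:
#   chroot_list_enable=NO                         -> chroot_local_user decides alone
#   chroot_local_user=NO,  chroot_list_enable=YES -> listed users ARE jailed
#   chroot_local_user=YES, chroot_list_enable=YES -> listed users are NOT jailed
# Only the YES/NO spelling used in this post is handled.

# conf_get FILE KEY DEFAULT: last value assigned to KEY (no spaces around "=").
conf_get() {
    local val
    val=$(grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2-)
    printf '%s\n' "${val:-$3}"
}

# jail_status CONF USER [LIST]: prints "jailed" or "not-jailed".
# LIST overrides chroot_list_file so that test copies can be checked.
jail_status() {
    local all use_list list listed
    all=$(conf_get "$1" chroot_local_user NO)
    use_list=$(conf_get "$1" chroot_list_enable NO)
    list=${3:-$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)}
    listed=NO
    # Assumption: an entry counts only if the whole line equals the username.
    if [ "$use_list" = YES ] && [ -f "$list" ] && grep -qxF -- "$2" "$list"; then
        listed=YES
    fi
    # Being listed inverts the default, so the user is jailed when the flags differ.
    if [ "$all" = "$listed" ]; then echo not-jailed; else echo jailed; fi
}

# Constructed sample files, so nothing under /etc is read or changed.
demo() {
    local d
    d=$(mktemp -d)
    printf 'chroot_local_user=YES\nchroot_list_enable=YES\n' > "$d/vsftpd.conf"
    echo 'usuarioftp' > "$d/by_name"
    echo 'usuarioftp:x:1004:118:Nombre del Usuario:/home/ftp/usuarioftp:/bin/ftp' > "$d/by_passwd"
    echo "list holds the bare username: $(jail_status "$d/vsftpd.conf" usuarioftp "$d/by_name")"
    echo "list holds the passwd line:   $(jail_status "$d/vsftpd.conf" usuarioftp "$d/by_passwd")"
    rm -rf "$d"
}

demo
```

On a real server, run jail_status /etc/vsftpd.conf usuarioftp after restarting vsftpd and confirm the result by logging in and trying to change to a directory above the home folder.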