Fli
05-31-2014, 01:09 PM
How to setup ProFTPd on a linux Debian server and setup user with access to one folder /var/www example.
This is simple tutorial: http://www.thomas-krenn.com/en/wiki/Setup_FTP_Server_under_Debian
The steps from tutorial are following:
install proftpd:
aptitude install proftpd
aptitude not found?
apt-get install aptitude
after proftpd installed, add this to the end of /etc/proftpd/proftpd.conf
<Global>
RequireValidShell off
</Global>
DefaultRoot ~ ftpuser
<Limit LOGIN>
DenyGroup !ftpuser
</Limit>
to reflect config change, reload & restart proftpd:
/etc/init.d/proftpd reload;/etc/init.d/proftpd restart
add group ftpuser:
addgroup ftpuser
add username of your choice and set its access to /var/www (or any other dir):
adduser daniel -shell /bin/false -home /var/www
add user to group:
adduser daniel ftpuser
this is done. might be needed to change access right of a directory you set user to connect (above /var/www), so i did:
chown daniel:daniel /var/www
Enable passive FTP connections for proftpd:
http://serverfault.com/a/478040
OR
http://unix.stackexchange.com/a/93555
I had PassivePorts 49152 65534
tried: iptables -I INPUT -p tcp --dport 49152:65534 -j ACCEPT
and:
iptables -A INPUT -p tcp --destination-port 49152:65534 -j ACCEPT
iptables -A OUTPUT -p tcp --source-port 49152:65534 -j ACCEPT
iptables -A INPUT -p tcp --sport 1024: --dport 49152:65534 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1024: --dport 49152:65534 -m state --state ESTABLISHED,RELATED -j ACCEPT
Here one can veriffy if port is open: http://www.portcheckers.com/
or try using only active FTP connections
This is simple tutorial: http://www.thomas-krenn.com/en/wiki/Setup_FTP_Server_under_Debian
The steps from tutorial are following:
install proftpd:
aptitude install proftpd
aptitude not found?
apt-get install aptitude
after proftpd installed, add this to the end of /etc/proftpd/proftpd.conf
<Global>
RequireValidShell off
</Global>
DefaultRoot ~ ftpuser
<Limit LOGIN>
DenyGroup !ftpuser
</Limit>
to reflect config change, reload & restart proftpd:
/etc/init.d/proftpd reload;/etc/init.d/proftpd restart
add group ftpuser:
addgroup ftpuser
add username of your choice and set its access to /var/www (or any other dir):
adduser daniel -shell /bin/false -home /var/www
add user to group:
adduser daniel ftpuser
this is done. might be needed to change access right of a directory you set user to connect (above /var/www), so i did:
chown daniel:daniel /var/www
Enable passive FTP connections for proftpd:
http://serverfault.com/a/478040
OR
http://unix.stackexchange.com/a/93555
I had PassivePorts 49152 65534
tried: iptables -I INPUT -p tcp --dport 49152:65534 -j ACCEPT
and:
iptables -A INPUT -p tcp --destination-port 49152:65534 -j ACCEPT
iptables -A OUTPUT -p tcp --source-port 49152:65534 -j ACCEPT
iptables -A INPUT -p tcp --sport 1024: --dport 49152:65534 -m state --state ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 1024: --dport 49152:65534 -m state --state ESTABLISHED,RELATED -j ACCEPT
Here one can veriffy if port is open: http://www.portcheckers.com/
or try using only active FTP connections