Choose language

Portal Home > Knowledgebase > How-to > Hosting > FTP > Customize proftpd server


Customize proftpd server




The tutorial below describes how to configure a proftpd server on our servers installed from the „FTP Accounts” tab with custom configuration. By default all additional accounts have access to all your files under your downloads directory and only READ permission so they can't upload anything to your ftp.

To edit your proftpd configuration please login to your service SSH, here is an article how to do this:

http://www.seedhost.eu/whmcs/knowledgebase.php?action=displayarticle&catid=36&id=54

 

Changing the directory path where users will have an access.

Firstly you need to edit the following file:

~/software/proftpd/etc/ftpd.passwd

Before you edit the file you need to add the write permission to it, otherwise you will get a permission error:

chmod +w ~/software/proftpd/etc/ftpd.passwd

Type the following command to edit the file:

nano ~/software/proftpd/etc/ftpd.passwd

You will see something like this:

server:$1$etP95Zg8$RzMSLwfXD2d5BXuz/VfNu.:1000:1000::/home/server:/bin/false

testftp:$1$WjNTpvHw$0jyWGI.w5MkB0ihi.Vt2M/:5001:5001::/home/server/downloads:/bin/false

Each user has his own line with a path where he will log in via ftp. To change his path you need to edit his line and change:

/home/testftp/downloads

to your custom path, for example we will grant a user testftp access to the ftpaccounts directory under the downloads path so the line should look like:

testftp:$1$WjNTpvHw$0jyWGI.w5MkB0ihi.Vt2M/:5001:5001::/home/server/downloads/ftpaccounts:/bin/false

 To save changes press F3 and ENTER to confirm, then to exit press F2.

IMPORTANT! The directory which you want to grant access to must exist physically on the server, otherwise the user won't be able to log in.

 

Now your user will log in to the default path which you configured for him but he will be able to go to an upper path which is your downloads. To block such access you need to block users' access to your downloads path so that they can have access to your custom path only under your downloads.

type the following command via SSH:

nano ~/software/proftpd/etc/proftpd.conf

Now you need to find a similar line:

<Directory /yourhome/yourusername/downloads>

Edit this line to:

<Directory /yourhome/yourusername/downloads/*>

To save changes press F3 and ENTER to confirm, then to exit press F2.

To make changes in your configuration you need to restart your ftp server now. After a restart additional ftp accounts will have an access to your custom path without access to your downloads.

 

 

You can restrict access to different paths for each user. For example one user can have access to the ftpaccount1 directory under your downlaods and another user to ftpaccount2 directory. Each user can have different permissions as well.

Firstly edit the following file:

~/software/proftpd/etc/ftpd.passwd

and change the user access path as described above in „Changing directory path where users will have an access”

Type the following command:

nano ~/software/proftpd/etc/ftpd.passwd

Now edit the following file:

~/software/proftpd/etc/proftpd.conf

Type the following command:

nano ~/software/proftpd/etc/proftpd.conf

Now add to the end of file:

<Directory /home/yourusername/downloads/custompath> 
<Limit STAT LSTAT DIRS READ>
AllowUser user
</Limit>
</Directory>

change the line:

<Directory /home/yourusername/downloads/custompath>

to a path where a user should have an access only.

Now change the line:

AllowUser user

where a user should be a username for an ftp account with access to the path configured in the previous step.

Now to save changes to file press F3 and ENTER to confirm. Now F3 to exit.

Restart FTP server to make your changes work.

 

Below you can find an example of configuration for a user „ftpacc1” with access to the „ftpaccess” path under the downloads path:

<Directory /home/yourusername/downloads/ftpaccess> 
<Limit STAT LSTAT DIRS READ>
AllowUser ftpacc1
</Limit>
</Directory>

You can change permission for each user path, just edit the line:

<Limit STAT LSTAT DIRS READ>

Add there any permission you want to grant for a given user. If you want to give the write permission just add WRITE to the line:

<Limit STAT LSTAT DIRS READ WRITE>



Grant WRITE permission so that users will be able upload to your ftp.

You need to edit the following file:

~/software/proftpd/etc/proftpd.conf

Type the following command:

nano ~/software/proftpd/etc/proftpd.conf

Find:

<Directory /home/yourusername/downloads/*> 
<Limit STAT LSTAT DIRS READ>
AllowAll
</Limit>
</Directory>

Just add WRITE to the <LIMIT> line so that it will look like:

<Limit STAT LSTAT DIRS READ WRITE>

To save changes press F3 and ENTER to confirm, then to exit press F2.

NOTE: If you grant the WRITE permission you will grant the following permissions :

APPE, DELE, MKD, RMD, RNTO, STOR, STOU, XMKD, XRMD

It means that additional users can upload but they can also delete now.

If you don't want to give the delete permission, you need to add all permissions except DELE instead of WRITE so that it should look like:

<Limit STAT LSTAT DIRS READ APPE MKD RMD RNTO STOR STOU XMKD XRMD >

Here is more info about limits:

http://www.proftpd.org/docs/howto/Limit.html

You need to restart the ftp server to make changes work.



Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
How to use FXP - FTPRush (Views: 11734)

Powered by WHMCompleteSolution