Fresh Blurbs

Chrooted FTP Access

FTP is an insecure, outdated and overall horrible protocol that you should never use yourself. Yet, sometimes you want to allow some people to upload files to your server, but you don't want them poking around your server or users demand FTP because they are used to it and have no idea what SSH/SFTP is.

Either way, following is how you "chroot" ftp users to their home folder, so they can't do any harm:

  • Download latest proftpd source to /usr/local/sources and change to that folder.
  • ./configure --sysconfdir=/etc --localstatedir=/var
  • make
  • make install
  • Edit vi /etc/proftpd.conf:

    • Change "Umask 022" to "Umask 002" #So, files they upload are group-writable
    • Uncomment "DefaultRoot ~" # this does actual chrooting
  • Make sure "/bin/false" is listed among the shells in "/etc/shells"

  • Create new unix user with "-s /bin/false"

  • Start proftpd daemon

comments powered by Disqus