Set up FTP server

From LQWiki
Jump to navigation Jump to search
Author: Sag47 (talk, contrib)


This covers how to get an FTP server for networks to work under Linux, and various information about other servers and applications which go along with them.

FTP Server: proftpd instructions

Assumptions

I'm going to make a few assumptions:

  • You have apache2 already installed (and maybe php5/mysql-server-5.1/mysql-client-5.1 but not required)
  • You have a new to intermediate level of terminal knowledge (basics such as cd dirs and whatnot)
  • Your apache web user is www-data like mine is (cat /etc/passwd | grep www)
  • You are running all commands as root. Emulate a root login by typing "sudo bash" so you don't have to type the stupid sudo command a bunch.

Install proftpd

Okay lets get started with FTP! Install proftpd. If asked about running from inetd or standalone then choose standalone.

Debian/Ubuntu based install command.

sudo apt-get install proftpd

You can stop, start, get the status, and more from the following command.

/etc/init.d/proftpd
# start server
/etc/init.d/proftpd start
# stop server
/etc/init.d/proftpd stop

Since proftpd is located in /etc/init.d/ it will autostart when the system starts up.

Setup proftp to use system users

For the server and port settings you need to modify proftpd.conf which is located in /etc/ or /etc/proftpd/. Lets pretend we don't know where it is at all and search for it.

cd /
#Here's two ways to find it
find . -type f -name "proftpd.conf"
find . | grep proftpd.conf

Modify your proftpd.conf and change any port settings or anonymous logins you wish and restart the server....

vim /etc/proftpd/proftpd.conf

You should uncomment the following lines in proftpd.conf

#if your machine is IPv4 only
UseIPv6 off
#jail all users in their homes
DefaultRoot ~
#user does not require a valid shell to login
RequireValidShell off

#at the end of the file add the following...

# Allow users from a group to login
MaxLoginAttempts 5
<Limit LOGIN>
  AllowGroup ftpusers
  DenyALL
</Limit>

Create an ftpusers group so that any user in the ftpusers group can login to their home via ftp.

groupadd ftpusers

Give existing users FTP access

Add any existing users you wish to have ftp access to the ftpusers group.

#my username is sam and I'm going to add myself
usermod -a -G ftpusers sam

#check to ensure the user was added to group
groups sam

Set up your user webadmin to upload files to /var/www

Create your webadmin user (without a shell login) so that they may only login using ftp. Set their home to /var/www.

#setup user webadmin
useradd webadmin -d /var/www -s /bin/false

#set password for webadmin
passwd webadmin

Add the user webadmin to the ftpusers group and give webadmin ownership to /var/www.

usermod -a -G ftpusers webadmin
chown -R webadmin\: /var/www
chmod -R 755 /var/www
groups webadmin

#check the ownership and permissions of /var/www
ls -lah /var | grep www

Alternatively if you're using the PHP copy function you'll want to give ownership of /var/www to www-data (the apache user) and allow webadmin to modify the files and folders within.

usermod -a -G www-data webadmin
chown -R www-data\: /var/www
chmod -R 775 /var/www
groups webadmin
ls -lah /var | grep www

Troubleshooting proftpd

#check to see if proftpd is running
/etc/init.d/proftpd status
#if it is not running then check for processes using port 21
netstat -anp | grep 21
#use the kill command to kill a process based on it's PID and retry

Documentation Sources

http://www.proftpd.org/ - website

http://www.proftpd.org/docs/ - documentation

http://www.proftpd.org/docs/howto/Limit.html - Limits section in proftpd.conf

FTP Clients

Here is a comprehensive list of FTP Clients available to distros which users may have on your network.

Name Linux Mac OS X Windows Other
CrossFTP Y Y Y Y
FileZilla FTP Client Y Y Y Y
FileZilla Portable N N Y N
FireFTP Y Y Y Y
Kasablanca Y N N N
KBear Y N N N
Nautilus Y N N N
WinSCP N N Y N
WinSCP Portable N N Y N

See also