Header Ads Widget

Cài đặt FTP Server With ProFTPd trên Ubuntu

Một phần mềm quản lý tài khoản FTP trên Ubuntu

Cài đặt

Update the system.

sudo apt-get update

Cài đặt proftpd

apt-get install proftpd
File cấu hình thiết lập ProFTPd ở đường dẫn /etc/proftpd/proftpd.conf. Other configuration files are included in the proftpd.conf file.

Khởi động lại:
systemctl restart proftpd
Kiểm tra trạng thái
systemctl status proftpd

Thêm mới tài khoản

As ProFTPd lets the existing users of your Ubuntu machine to login in to your FTP server, to add new FTP users, all you have to do is to add new login users in your Ubuntu machine.
useradd -m ftp2

Tạo mật khẩu
passwd ftp2

Tắt SSH Access to FTP Users:

For security reasons, you may not want your FTP user to login to your FTP server via SSH.

By default, all the users you create on your server are allowed to have SSH access as you can see in the screenshot below

To disable SSH access, you have to change the default login shell to /bin/false.

First, open /etc/shells configuration file of your server with the following command:
nano /etc/shells

Now, add /bin/false at the end of the file and save the file by pressing <Ctrl> + x followed by y and <Enter>.

Now, change the shell of the user (let’s say, ftp2) to /bin/false with the following command:

$ sudo usermod -s /bin/false ftp2

As you can see, ftp2 user can no longer login via SSH. But, FTP access will still work.

Chroot Users into Their Home Directories:

By default, the FTP users can navigate to the root directory as well. Even though they can’t make any changes to files and directories they don’t have permissions to. But, it’s still a bad idea to let them explore the root directory freely. This is where chroot jail comes in. It’s a built in feature of ProFTPd. It is disabled by default.

To enable chroot jail, first, open the ProFTPd configuration file /etc/proftpd/proftpd.conf with the following command:

nano /etc/proftpd/proftpd.conf

Now, find the line as marked in the screenshot below.

Now, uncomment the line by removing the # symbol. The final configuration file should look as follows. Now, save the file by pressing <Ctrl> + x followed by y and <Enter>.

Now, restart the proftpd service with the following command:

systemctl restart proftpd

Now, the FTP users will only be able to explore their own home directories

Nhận xét