Installation of the required proftpd Package
ProFTPd FTP-Server was used for this introduction because of its simply installation and configuration.
aptitude install proftpd
If the package cannot be found, update the local list of packages using:
If the package still cannot be installed after that, check the /etc/apt/sources.list on the appropriate Debian mirror server.1Y0-A20 You will find more information about this in the article, Debian Mirror.
Indicate in the subsequent inquiry whether the FTP server should act as a standalone server (standalone) or as a service of inetd. In this example, the standalone option has been selected.
Adjusting the Configuration
Our configuration assumes that we will login using system users found in the ftpuser group.
In order to adjust the configuration to your needs, edit the /etc/proftpd/proftpd.conf file.
If you are not using IPv6, this feature should be deactivated first:
After that, we will add the CCNP 642-902following instruc tion at the end of the file:
<Global> RequireValidShell off </Global> DefaultRoot ~ ftpuser <Limit LOGIN> DenyGroup !ftpuser </Limit>
What do the instructions mean?
As a first step, we told ProFTPd that users wanting to login do not need a shell. Afterwards, we instructed ProFTPd to lock users in their home directory using DefaultRoot. Finally, we specified that only those users who are members of the ftpuser group could login.
We will now restart our FTP server so that our configuration takes effect:
Then, we will create the ftpuser group and a first user that will be able to login.
Now, we create the user:
adduser ftpbenutzer -shell /bin/false -home /var/www
Finally, we assign the user to the ftpuser group:
adduser ftpbenutzer ftpuser
That’s everything. You should now be able to login with the user via FTP.
By adding the following section to the etc/proftpd/proftpd.conf file, you will also give anonymous users (read) access to the FTP area:
. . . <Anonymous ~ftp> User ftp Group nogroup # We want clients to be able to login with "anonymous" as well as "ftp" UserAlias anonymous ftp # Cosmetic changes, all files belong to ftp user DirFakeUser on ftp DirFakeGroup on ftp RequireValidShell off # Limit the maximum number of anonymous logins MaxClients 10 # We want 'welcome.msg' displayed at login, and '.message' displayed # in each newly chdired directory. DisplayLogin welcome.msg DisplayFirstChdir .message # Limit WRITE everywhere in the anonymous chroot <Directory *> <Limit WRITE> DenyAll </Limit> </Directory> # # Uncomment this if you're brave. # # <Directory incoming> # # # Umask 022 is a good standard umask to prevent new files and dirs # # # (second parm) from being group and world writable. # # Umask 022 022 # # <Limit READ WRITE> # # DenyAll # # </Limit> # # <Limit STOR> # # AllowAll # # </Limit> # # </Directory> </Anonymous> . . .
To make sure, that user “ftp” is able to login anonymously to ftp-space, you have to add the user to the group “ftpuser”:
adduser ftp ftpuser
Re-loading the Configuration and Re-starting the FTP Server
The configuration will have to be re-loaded after the adjustments to the /etc/proftpd/proftpd.conf file:
Because the FTP server will be stopped when re-loading the configuration, it will also have to be re-started afterwards: