Jump to content

Ftp Read/write Permissions

The Sorrow

Recommended Posts

I want to set up an FTP that has a generic user which can only download files. This user has to be password protected. I also want to create administrative users that can upload and download files, along with creating directories. I am currently using Ubuntu Server 12.04 and the daemon I'm trying to use at the moment is VSFTPD. Im open to other daemons but would prefer to use VSFTPD if possible.

Link to comment
Share on other sites

I don't know if you've checked this Ubuntu wiki, but I think it has something that you are after

I want to set up an FTP that has a generic user which can only download files.

Anonymous FTP Configuration

By default vsftpd is configured to only allow anonymous download. During installation a ftp user is created with a home directory of /home/ftp. This is the default FTP directory.

If you wish to change this location, to /srv/ftp for example, simply create a directory in another location and change the ftpuser's home directory:

sudo mkdir /srv/ftp

sudo usermod -d /srv/ftp ftp

After making the change restart vsftpd:

sudo /etc/init.d/vsftpd restart

Finally, copy any files and directories you would like to make available through anonymous FTP to /srv/ftp.


Edited by Infiltrator
Link to comment
Share on other sites

It sounds like pure-ftpd may be a better ftp daemon for this purpose vsftpd is quite easy for general ftp access for users with accounts on the machine or for anonymous ftp server but it can be awkward to do more complex setups.

With pure-ftpd's Virtual Users you should be able to have many ftp users that relate to just two accounts on the local machine. Just give all the admins one uid and the guests another. The read only local account will rely on the world part of the file system security, while the local ftp admin account will be the owner of the files. This would give you the option to have areas that only the admin accounts can access if you need it.

You should also be able to set up an upload directory where guest users can upload files but they can't be downloaded until a admin has checked them and moved them out of the upload directory.

Link to comment
Share on other sites

I'll have to check out pure-ftpd in the future. I do however currently use vsftpd to do what you're trying. Just create a new user that isn't a sudoer. From there you can issue a ps -ef | grep *new user* to verify that the server is running as the new user. You should still see one process of the server running as root though, as to my understanding every server has to have one instance of root to bind to the socket.

You can also create a new user for logins, but I'd make sure that it's not root or a sudoer as it isn't good to allow remote root/sudo logins. This user should be able to have download/upload privs safely. I personally don't use this feature, but vsftpd also supports virtual users with the PAM module.

Link to comment
Share on other sites

Well i got it figured out. Essentially what has to be done is you have to enable write and select a guest account.

then i made the directory /opt/vsftpd/FTP

i set /opt/vsftpd to chmod 444 because the new security rules require the root to be unwritable.

then i set the FTP directory to chmod 764. created an ftpadmins group and set that as the group for the folder recursively so all new subdirectories and their containing files will mirror those permissions.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Create New...