Ftp Read/write Permissions

[The Sorrow]

I want to set up an FTP that has a generic user which can only download files. This user has to be password protected. I also want to create administrative users that can upload and download files, along with creating directories. I am currently using Ubuntu Server 12.04 and the daemon I'm trying to use at the moment is VSFTPD. Im open to other daemons but would prefer to use VSFTPD if possible.

[Infiltrator]

I don't know if you've checked this Ubuntu wiki, but I think it has something that you are after

I want to set up an FTP that has a generic user which can only download files.

Anonymous FTP Configuration

By default vsftpd is configured to only allow anonymous download. During installation a ftp user is created with a home directory of /home/ftp. This is the default FTP directory.

If you wish to change this location, to /srv/ftp for example, simply create a directory in another location and change the ftpuser's home directory:

sudo mkdir /srv/ftp

sudo usermod -d /srv/ftp ftp

After making the change restart vsftpd:

sudo /etc/init.d/vsftpd restart

Finally, copy any files and directories you would like to make available through anonymous FTP to /srv/ftp.

https://help.ubuntu....ftp-server.html

Edited August 6, 2012 by Infiltrator

[The Sorrow]

i cant allow anon logins... i have stuff ive bought and wish to distribute between my friend and not amoung the public.

[Jason Cooper]

It sounds like pure-ftpd may be a better ftp daemon for this purpose vsftpd is quite easy for general ftp access for users with accounts on the machine or for anonymous ftp server but it can be awkward to do more complex setups.

With pure-ftpd's Virtual Users you should be able to have many ftp users that relate to just two accounts on the local machine. Just give all the admins one uid and the guests another. The read only local account will rely on the world part of the file system security, while the local ftp admin account will be the owner of the files. This would give you the option to have areas that only the admin accounts can access if you need it.

You should also be able to set up an upload directory where guest users can upload files but they can't be downloaded until a admin has checked them and moved them out of the upload directory.

[bobbyb1980]

I'll have to check out pure-ftpd in the future. I do however currently use vsftpd to do what you're trying. Just create a new user that isn't a sudoer. From there you can issue a ps -ef | grep *new user* to verify that the server is running as the new user. You should still see one process of the server running as root though, as to my understanding every server has to have one instance of root to bind to the socket.

You can also create a new user for logins, but I'd make sure that it's not root or a sudoer as it isn't good to allow remote root/sudo logins. This user should be able to have download/upload privs safely. I personally don't use this feature, but vsftpd also supports virtual users with the PAM module.

[The Sorrow]

Well i got it figured out. Essentially what has to be done is you have to enable write and select a guest account.

then i made the directory /opt/vsftpd/FTP

i set /opt/vsftpd to chmod 444 because the new security rules require the root to be unwritable.

then i set the FTP directory to chmod 764. created an ftpadmins group and set that as the group for the folder recursively so all new subdirectories and their containing files will mirror those permissions.