This post describes how to create an FTP user whose access is limited to a specific directory. The user is confined (chrooted) to that folder and can only list, upload and download files inside it, not anywhere else on the server.
So let's create an FTP user with specific directory access:
Step 1: First you need to set up an FTP server (vsftpd). Please check this guide for the same.
Step 2: Set “chroot_local_user” to YES.
Change the parameter below in “/etc/vsftpd/vsftpd.conf” to YES. Uncomment it (remove the leading #) if it is commented out.
chroot_local_user=YES
Step 3: Restart the FTP service.
[root@RHEL2]# service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]
[root@RHEL2]#
Step 4: Create a directory for FTP.
[root@RHEL2 ~]# mkdir /var/ftp_home
Step 5: Create the FTP user and set a password for that user.
[root@RHEL2 ~]# useradd ftpuser
[root@RHEL2 ~]# passwd ftpuser
Changing password for user ftpuser.
New password:
BAD PASSWORD: it is based on your username
Retype new password:
passwd: all authentication tokens updated successfully.
[root@RHEL2 ~]#
Step 6: Change ownership of the directory and set it as the user's default home directory.
[root@RHEL2 ~]# chown ftpuser:ftpuser /var/ftp_home
[root@RHEL2 ~]# usermod -d /var/ftp_home/ ftpuser
Step 7: Change the FTP user's shell to nologin if the account should only perform FTP operations. This makes the user unable to log on to the server via SSH or telnet.
[root@RHEL2 ftp_home]# usermod -s /sbin/nologin ftpuser
Recheck with the command below that the user's home directory and shell have been modified.
[root@RHEL2 ~]# cat /etc/passwd|grep ftpuser
ftpuser:x:506:509::/var/ftp_home/:/sbin/nologin
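The steps above, as an added shell script that is not part of the original post. It wraps steps 2 and 4 to 7 in functions (setup_ftp_user must run as root) and adds three checks: set_conf handles a commented-out parameter instead of relying on manual editing, check_passwd_entry is the scripted form of the /etc/passwd recheck, and chroot_root_writable flags a chroot root that the FTP user can write to. That last check matters because the vsFTPd 2.2.2 in the post accepts a writable chroot root, while vsftpd 2.3.5 and later refuse the login with "500 OOPS: vsftpd: refusing to run with writable root inside chroot()" unless allow_writeable_chroot=YES is set; for that reason the script, unlike the post, keeps /var/ftp_home root-owned and gives the user a writable upload/ subdirectory. Assumed: vsftpd is installed, RHEL-style paths (/etc/vsftpd/vsftpd.conf, service vsftpd, /sbin/nologin), and the function and file names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: its steps 2 and 4-7 as shell
# functions plus the checks a practitioner would want. Assumptions: vsftpd is
# installed, RHEL-style paths as in the post, setup_ftp_user is run as root.
set -e

# set_conf FILE KEY VALUE: set KEY=VALUE in a vsftpd.conf-style file.
# Replaces an existing line for KEY even when it is commented out
# ("#chroot_local_user=YES"); appends the line if KEY is absent. Writes
# through a temp file and cat so the config keeps its owner and mode.
set_conf() {
    file=$1; key=$2; value=$3
    if grep -q "^#\{0,1\}[[:space:]]*${key}=" "$file"; then
        tmp=$(mktemp)
        sed "s|^#\{0,1\}[[:space:]]*${key}=.*|${key}=${value}|" "$file" > "$tmp"
        cat "$tmp" > "$file"
        rm -f "$tmp"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

# get_conf FILE KEY: print the effective (uncommented) value of KEY; last one wins.
get_conf() {
    sed -n "s|^${2}=||p" "$1" | tail -n 1
}

# check_passwd_entry LINE HOME SHELL: succeed if the /etc/passwd LINE carries
# the expected home directory (trailing slash ignored) and login shell.
# Scripted form of the post's "cat /etc/passwd|grep ftpuser" recheck.
check_passwd_entry() {
    line=$1; want_home=${2%/}; want_shell=$3
    home=$(printf '%s\n' "$line" | cut -d: -f6)
    shell=$(printf '%s\n' "$line" | cut -d: -f7)
    [ "${home%/}" = "$want_home" ] && [ "$shell" = "$want_shell" ]
}

# chroot_root_writable DIR: succeed if DIR is writable by its owner.
# vsftpd 2.3.5+ refuses to chroot into a writable root unless
# allow_writeable_chroot=YES, so setup_ftp_user keeps the root read-only
# and gives the user an upload/ subdirectory instead.
chroot_root_writable() {
    [ "$(ls -ld "$1" | cut -c3)" = "w" ]
}

# setup_ftp_user USER HOMEDIR [CONF]: steps 2 and 4-7 of the post in one go.
# Needs root; not exercised by the verifier.
setup_ftp_user() {
    user=$1; home=$2; conf=${3:-/etc/vsftpd/vsftpd.conf}

    set_conf "$conf" chroot_local_user YES           # step 2
    mkdir -p "$home/upload"                           # step 4
    id "$user" >/dev/null 2>&1 || useradd "$user"     # step 5
    passwd "$user"                                    # interactive, as in the post
    usermod -d "$home" -s /sbin/nologin "$user"       # steps 6 and 7

    # chroot root stays root-owned and read-only for the user; uploads go to upload/
    chown root:root "$home";            chmod 755 "$home"
    chown "$user:$user" "$home/upload"; chmod 755 "$home/upload"

    # vsftpd's PAM stack on RHEL uses pam_shells, so the nologin shell must be
    # listed in /etc/shells or the FTP login itself is rejected.
    grep -qx /sbin/nologin /etc/shells ||
        echo "warning: /sbin/nologin is not in /etc/shells; FTP logins will fail" >&2

    service vsftpd restart                            # step 3
    check_passwd_entry "$(grep "^${user}:" /etc/passwd)" "$home" /sbin/nologin
}

# Usage (as root): sh ftpuser.sh ftpuser /var/ftp_home
if [ "$#" -ge 2 ]; then
    setup_ftp_user "$@"
fi
```

Run it once as root with the user name and home directory as arguments; the final check_passwd_entry call returns non-zero (and, under set -e, aborts the script) if the home directory or shell did not end up as expected.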
Testing:
Try to log in from another system with the command below (use the bye command to log out):
[root@rhel1 ftp_dump]# ftp 192.168.216.135
Connected to 192.168.216.135 (192.168.216.135).
220 (vsFTPd 2.2.2)
Name (192.168.216.135:root): ftpuser
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,216,135,228,49).
150 Here comes the directory listing.
-rw-r--r--    1 0        0               0 Jan 01 20:47 12
-rw-r--r--    1 0        0               0 Jan 01 20:47 4
-rw-r--r--    1 0        0               0 Jan 01 20:47 5
226 Directory send OK.
ftp> bye
Since we have assigned the nologin shell to the user, he cannot log in to the system:
[root@rhel1 ]# ssh ftpuser@192.168.216.135
ftpuser@192.168.216.135's password:
This account is currently not available.
Connection to 192.168.216.135 closed.
[root@rhel1 ]#