I already said that the most secure configuration of an FTP server is one that allows only anonymous access without write privileges. We are going to deviate from this and create two users: one that can only download, and another that acts as administrator, i.e. with both upload and download privileges. Note that these will be system users too, so we have to take some extra steps to make the whole thing more secure.
First you have to decide where you want your FTP folder to be. I chose /home/ftp. So in the terminal type:
sudo mkdir /home/ftp
Now, we need to add the users, but first let's make sure that the only thing the new users can do is log on to our FTP server. Whenever you create a new Linux user, you assign a default shell that the user will be using. If you are not sure what I am talking about, take a minute to read a little bit on shells. Using your favorite editor, open the /etc/shells file and add a non-existent shell to it. I named mine "dummy" (the /bin/dummy passed to --shell in the commands below), as you can see in the picture below.
The plan is to add two FTP users: one that will have both write and read access, and a simple user that will only be able to download files. This way, if you want to let a friend download a file, you don't have to give them write access to your server.
Before you create the users, you must create a group to which they will belong. By default, Linux creates a user-group with the same name as the user, but we don't want that. So in a terminal type:
sudo groupadd ftp-users
And now we can add our users:
sudo useradd --home /home/ftp --gid ftp-users --shell /bin/dummy ftpadmin
sudo passwd ftpadmin
After you give a password for your user, you are done. Repeat the same process for the second user. I named mine ftpguest. You can choose whatever names you want. Try to log on to the system using either one of the new users you created. If you did everything right, you should not be able to log on.
We are almost done. We only need to give our users the right permissions to the FTP directory we created above. First, we change the owner of the directory from root to ftpadmin:
sudo chown -R ftpadmin /home/ftp
sudo chmod 755 /home/ftp
The outcome of these two commands is that the owner of the directory (ftpadmin) will have full access to the directory and the files within, and the rest of the world will have only read access. Run ls -l and you should see something like the third picture (which also shows me forgetting the proper switch to the ls command :P ).
You can read more on file permissions here
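To confirm the result of the steps above, here is an audit script added as an example (it is not part of the original tutorial). It assumes the names used on this page (ftpadmin, ftpguest, /bin/dummy, /home/ftp) and GNU stat as found on Linux; the function names are my own.

```shell
#!/bin/sh
# Added example: audit the FTP-only accounts and directory set up above.
# The passwd and shells files are passed as arguments so the checks can
# also be run against copies instead of the live system files.

# Print the login shell (7th passwd field) of user $1 from passwd file $2.
login_shell() {
    awk -F: -v u="$1" '$1 == u { print $7; found = 1 } END { exit !found }' "$2"
}

# Succeed only if user $1 (passwd file $2) has a shell that
#  - is listed in shells file $3 (many FTP daemons refuse users whose
#    shell is not listed there), and
#  - does not exist as an executable, so a login has nothing to run.
check_ftp_only_shell() {
    shell=$(login_shell "$1" "$2") || { echo "$1: no such user"; return 1; }
    grep -qxF -- "$shell" "$3" || { echo "$1: $shell not in $3"; return 1; }
    if [ -x "$shell" ]; then
        echo "$1: $shell is a real program, shell login is possible"
        return 1
    fi
    echo "$1: ok ($shell)"
}

# Succeed only if directory $1 is owned by user $2 with octal mode $3.
check_dir() {
    actual=$(stat -c '%U %a' "$1") || return 1
    [ "$actual" = "$2 $3" ] || {
        echo "$1: expected '$2 $3', got '$actual'"
        return 1
    }
    echo "$1: ok ($actual)"
}

# Full audit against the live system, using the names from this page.
audit() {
    rc=0
    for u in ftpadmin ftpguest; do
        check_ftp_only_shell "$u" /etc/passwd /etc/shells || rc=1
    done
    check_dir /home/ftp ftpadmin 755 || rc=1
    return "$rc"
}

# Run only when asked for explicitly: sh ftp-audit.sh --run
if [ "${1:-}" = "--run" ]; then audit; fi
```

Any line that does not end in "ok" points at the step to repeat.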