Step 3: Create the FTP users.

I already said that the most secure configuration of an FTP server would be allowing only anonymous access without write privileges. We are going to deviate from this. We are going to create two users: one that will only be able to download, and another that will act as administrator, i.e. with both upload and download privileges. Note that these will be system users too, so we have to take some extra steps to make the whole thing more secure.

First you have to decide where you want your FTP folder to be. I chose /home/ftp. So in the terminal type:

sudo mkdir /home/ftp

Now we need to add the users, but first let's make sure that the only thing the new users can do is log on to our FTP server. Whenever you create a new Linux user, you assign a default shell for that user. If you are not sure what I am talking about, take a minute to read a little bit on shells. Using your favorite editor, open the /etc/shells file and add a non-existent one. I named mine "dummy", as you can see in the picture below.

The plan is to add two FTP users: one that will have both write and read access, and a simple user that will only be able to download files. This way, if you want to let a friend download a file, you don't have to give them write access to your server.

Before you create the users, you must create a group to which they will belong. By default, Linux creates a user group with the same name as the user, but we don't want that. So in a terminal type:

sudo groupadd ftp-users

And now we can add our users:

sudo useradd --home /home/ftp --gid ftp-users --shell /bin/dummy ftpadmin

sudo passwd ftpadmin

After you give a password for your user, you are done. Repeat the same process for the second user. I named mine ftpguest. You can choose whatever names you want. Try to log on to the system using either one of the new users you created. If you did everything right, you should not be able to log on.

We are almost done. We only need to give our users the right permissions to the FTP directory we created above. First, we change the owner of the directory from root to ftpadmin:

sudo chown -R ftpadmin /home/ftp

And then:

sudo chmod 755 /home/ftp

The outcome of these two commands is that the owner of the directory (ftpadmin) will have full access to the directory and the files within, and the rest of the world only read access. Run ls -l and you should see something like the third picture (which also shows me forgetting the proper switch to the ls command :P ).

You can read more on file permissions here
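
The script below is an added example, not part of the original Instructable: it audits the result of this step by checking that an account's shell is a non-executable placeholder listed in the shells file, that ftp-users is its primary group, and that the FTP directory has mode 755. The function names and the sample account data (UIDs, GIDs, the user alice) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the FTP-only accounts created in this step.
# Files are passed as arguments so the checks can run on copies.

# Print field N of the line whose first field is KEY in a colon-separated file.
field() {   # usage: field KEY N FILE
    awk -F: -v k="$1" -v n="$2" '$1 == k { print $n; exit }' "$3"
}

# Pass only if USER's shell is listed in SHELLS_FILE and is not an executable
# file, i.e. it is a placeholder like the "dummy" entry from this step.
check_ftp_shell() {   # usage: check_ftp_shell USER PASSWD_FILE SHELLS_FILE
    shell=$(field "$1" 7 "$2")
    [ -n "$shell" ] || { echo "$1: no such user"; return 1; }
    grep -qxF -- "$shell" "$3" || { echo "$1: $shell not listed"; return 1; }
    [ ! -x "$shell" ] || { echo "$1: $shell can be executed"; return 1; }
    echo "$1: ok"
}

# Pass only if USER's primary GID equals GROUP's GID.
check_primary_group() {   # usage: check_primary_group USER GROUP PASSWD_FILE GROUP_FILE
    gid=$(field "$1" 4 "$3")
    [ -n "$gid" ] && [ "$gid" = "$(field "$2" 3 "$4")" ]
}

# Pass only if DIR shows exactly PERMS in ls -ld (mode 755 is drwxr-xr-x).
check_dir_perms() {   # usage: check_dir_perms DIR PERMS
    [ "$(ls -ld -- "$1" | cut -c1-10)" = "$2" ]
}

# Write constructed sample files (not real system data) into DIR.
# ftpguest is given its own primary group to show a failing group check.
make_sample() {   # usage: make_sample DIR
    printf '%s\n' /bin/sh /bin/dummy > "$1/shells"
    printf '%s\n' 'ftp-users:x:1001:' 'ftpguest:x:1003:' > "$1/group"
    printf '%s\n' \
        'ftpadmin:x:1001:1001::/home/ftp:/bin/dummy' \
        'ftpguest:x:1002:1003::/home/ftp:/bin/dummy' \
        'alice:x:1000:1000::/home/alice:/bin/sh' > "$1/passwd"
}

# On a live system: check_ftp_shell ftpadmin /etc/passwd /etc/shells
```
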
<p>Many thanks to you</p>
<p>Step 4 where you say </p><p>&quot;. . . method is known as &quot;Root jail&quot; and it uses the <a href="http://en.wikipedia.org/wiki/Chroot" rel="nofollow">chroot command</a>. Check the picture below and change your own file accordingly . . .&quot;</p><p>confuses me - there is no relevant picture to this, so don't know what to do here</p>
<p>Yes, you are quite right :)<br><br>I meant the picture above. Check the annotations to the picture and if you still have a problem let me know.</p>
<p>Did this and I created 2 users, ftpadmin and ftpguest, but I can only log in to the FTP using ftpguest. Can you explain why this is happening?</p>
<p>Does it give you any particular message when you try to log on as admin? My first thought would be a wrong password. The process is pretty straightforward, I don't see where you could have gone the wrong way.</p>
<p>Works great.</p>
Thank you!<br>Here are a few more tips on how to install and change the default port ... <a href="http://gadelkareem.com/2012/02/27/configuring-vsftpd-on-centos-with-different-port/" rel="nofollow" title="Configuring vsFTPd on CentOS with different port">Configuring vsFTPd on CentOS with different port</a><br>
Thank you very much. It will definitely be handy for those who do not wish to use default port 22. :)

More by rosenred: VSFTPD Installation & Setup on Ubuntu