Installing FTP Ubuntu Server
What is the purpose of installing an FTP server?
The most logical answer that is usually given is the ability to send files to its server. The answer is only half exact. The sending of files can very well be done via an ssh connection with the root account. However, you will have 2 problems
- The rights on the files and files will be given to "root" which means that apache / php (identified under www-data 'will have no writing rights)
- You can not restrict access to a particular folder such as www
We will describe in this tutorial the installation of an FTP server with right apache / php
As a reminder, the change of ownership of a file file is done as follows
chown www-data: www-data / var / www
and recursively (folders + subfolders)
chown -R www-data: www-data / var / www
Installing vsftp (very secured ftp)
apt-get install vsftpd
Once vsftp installed you will need to create a user with specific rights. In order to secure the set we will use the Berkeley encrypatge library (and related tools). This one is not available in the official packages, the easiest way is to use the command wget and to install it via the command dpkg.
wget http://en.archive.ubuntu.com/ubuntu/pool/universe/d/db6.0/libdb6.0_6.0.19-3ubuntu1_amd64.debdpkg -i libdb6.0_6.0.19-3ubuntu1_amd64.debapt-get -f install
wget http://en.archive.ubuntu.com/ubuntu/pool/universe/d/db6.0/db6.0-util_6.0.19-3ubuntu1_amd64.debdpkg -i db6.0-util_6.0.19-3ubuntu1_amd64.debapt- get -f install
If the library is not up-to-date you can find the most recent in the Ubuntu universe packages:
Creating a user (ftp user)
We will create two folders
- /etc/vsftpd/users.conf/ where our user will be presented with rights and access to directories
- / etc / vsftpd / where we will create the user with his password encrypted
mkdir / etc / vsftpdmkdir /etc/vsftpd/users.confvi / etc / vsftpd / users
In this file you must fill in the username and password
adminun_mot_de_passeadmin2un_mot_de_passe2
Warning ! do not add extra line breaks
We encrypt the file
db6.0_load -T -t hash -f / etc / vsftpd / users /etc/vsftpd/users.db
Then we restrict the rights
chmod 600 / etc / vsftpd / userschmod 600 /etc/vsftpd/users.db
Finally we give access rights to the files by creating the admin file (admin2 or any other user ID chosen previously)
vi /etc/vsftpd/users.conf/admin
We fill this file as follows
anon_world_readable_only = NOlocal_root = / var / www / write_enable YESanon_upload_enable = = = YESanon_mkdir_write_enable YESanon_other_write_enable = YES
Or local_root will be the folder to which the admin user will have access
We edit the vsftpd file in the pam.d folder to give the path to the previously created users.db file (without the .db extension)
vi /etc/pam.d/vsftpd
Comment the whole file and add these two lines at the end
auth required pam_userdb.so db = / etc / vsftpd / usersaccount required pam_userdb.so db = / etc / vsftpd / users
Vsftpd configuration
Last step, just configure the vsftpd.conf file. The lines
- guest_username = www-data and nopriv_user = www-data
allow to assign www-data (the apache / php couple) as owner of the files sent via ftp
vi /etc/vsftpd.conf
You will have to activate the following elements in the vsftpd.conf file
# No anonymous access, only local usersanonymous_enable = NOlocal_enable = YES # Enables virtual users # Vsftpd actually uses the user www-dataguest_enable = YESguest_username = www-datanopriv_user = www-datawrite_enable = YES # Restricts the user to its connection folderchroot_local_user = YES # Use PAM for authenticationpam_service_name = vsftpd # Configuration by useruser_config_dir = / etc / vsftpd / users.confallow_writeable_chroot = YES
Make htaccess / htpasswd files visible
To be able to see and open the htaccess and htpasswd files visible with your ftp software, just add the following lines to the vsftpd conf file
force_dot_files = YES
Post a Comment