How Do I Configure ProFTP for Website Update?

Question

I am running Ubuntu Server 9.10 with ProFTPD, and I also have Webmin.

I have DNS setup for 3 domains, mail setup for 3 domains, as well as Apache2 setup for those domains. They work great.

Now I want to give FTP access for an incoming user, but point them to /var/www/[domain] and have them come in as something like user "ftpuser" but want this to translate to user "www-data" so that web permissions will be correct.

What is the technique to do this?

score 5 · Accepted Answer · answered May 24 '10 at 19:31

5

Groups and SGID. user1 would have group membership in www-data and you would set everything group writable under [domain]. Set user1's home directory to /var/www/[domain]. You would also want to set the SGID on [domain] and all directories under it, which would cause permissions to be inherited. (g+s)

Be aware, user1 would have access to all Web content. You could use a different group to limit the scope of the access.

SSH (SFTP/scp) is recommended for user authentication as opposed to FTP, as the authentication credentials will be transmitted in plaintext with FTP.

answered May 24 '10 at 19:31

Warner

23,756
2
59
69

Warner -- I'm trying to match what a web hosting provider would have in this config, and without cpanel since cpanel doesn't work on Ubuntu. So, that's why I'm using straight ftp. The client does not understand SSH. But yes, it's a security gap with plain text transmission as an issue. – ServerChecker May 24 '10 at 19:35
A Web hosting provider in the '90s, maybe. SSH for authenticated file transfer has been standard for quite a while now. Either way, good luck! – Warner May 24 '10 at 19:37
A related question: http://serverfault.com/questions/144875/hide-parent-directories-during-ftp-login-on-linux – ServerChecker May 24 '10 at 21:49
Your technique worked on groups and SGID. Although ftpuser is what the files are owned by, they run in memory as www-data and when they create files they create them as www-data. This was perfect! :) – ServerChecker May 24 '10 at 21:50

score 1 · Answer 2 · answered May 24 '10 at 21:23

1

if you are familiar with webmin. why not using virtualmin & usermin ? both can make it easy for you. & based on webmin + stable. http://www.virtualmin.com/

answered May 24 '10 at 21:23

risyasin

1,574
9
16

Don't I have to pay for that? – ServerChecker May 24 '10 at 21:34
no... it's community supported, open source software on top webmin & usermin. i'm using it more than 3 years on different production servers. all of them works smooth. – risyasin May 24 '10 at 21:39
I really need to get on the ball here and learn how to use virtualmin and usermin, then. Thanks for the heads up. – ServerChecker May 24 '10 at 21:48

How Do I Configure ProFTP for Website Update?

2 Answers2