Install FTP server and add FTP virtual user on Ubuntu 18.04 LTS

$ apt install proftpd-basic


At this point, enter y and press enter to continue.


In this way, the installation of proftpd is completed.

After proftpd is installed on Ubuntu, its configuration files are stored in the /etc/proftpd directory. The main configuration file is called proftpd.conf; the other configuration files are pulled into proftpd.conf with Include.

The proftpd service is named proftpd. Every time we change the proftpd configuration file, we need to restart the proftpd service.

To restart the proftpd service, you can use the following command:

$ systemctl restart proftpd

After running the restart command, check whether the proftpd service is running correctly through the following command:

$ systemctl status proftpd


As you can see, the proftpd service is running normally.

Test proftpd service

After the proftpd service is installed, no further configuration is required; the default configuration works as it is. We can use the existing users of the Ubuntu system to log in to the FTP server.

Add FTP user

Although existing Ubuntu users can act as FTP users, it is still necessary to create a dedicated FTP user. To do that, we create a new user in the Ubuntu system.

We create a new ftp2 user with the following command:

$ useradd -m ftp2


Now set the password for the new ftp2 user:

$ passwd ftp2

Now type the password and press Enter.

Type the password again and press Enter.

In this way, the password is set.

The ftp2 user can now log in to the FTP service.

Prevent FTP users from accessing the system through SSH

For security reasons, we usually do not want dedicated FTP users to log in to our server through SSH. However, every new user on our system can log in to the system using SSH.

To prevent them from using SSH, we need to replace their default login shell with /bin/false.

First, open the configuration file /etc/shells with a text editor. The command is as follows:

$ ne /etc/shells

Now, add the line /bin/false to the end of the file.

Next, change the login shell of the user ftp2 to /bin/false. The command is as follows:

$ usermod -s /bin/false ftp2


In this way, the user ftp2 is forbidden to log in through SSH.


But FTP login is still possible.

Restrict FTP users to see only their home directory

By default, FTP users can browse the system root directory. Although they can only browse it and have no permission to modify it, exposing the root directory of the system to FTP users is not a good security policy. This is where a chroot jail comes in handy. It is a built-in feature of proftpd that is not turned on by default.

To enable the chroot jail, edit the /etc/proftpd/proftpd.conf configuration file. The command is as follows:

$ nano /etc/proftpd/proftpd.conf

Find the commented-out DefaultRoot line.

Delete the # at the beginning of the line and save the file.

Restart the proftpd service after modifying the configuration file:

$ systemctl restart proftpd


Now, FTP users can only see their home directory.

Creating FTP virtual user

Most of the time, our FTP server serves a web server. For example, Apache runs on the system and we use FTP to upload files to the web directory. In that case, we want the owner of the uploaded files to be Apache's www-data user. This is where FTP virtual users come in.

What is a virtual user? Simply put, it is a user who does not appear in the system's /etc/passwd file. /etc/passwd is a text file that stores the information of all users who can log in to the system, including their unique ID and group ID. A virtual user is defined elsewhere: in other files, in a database or on an LDAP server.

Notably, a virtual user can have the same UID and GID as an existing user in the system, and then has the same permissions as that user. For this reason, you need to enable the DefaultRoot ~ setting in proftpd.conf to restrict virtual users to their own directories.

ftpasswd

To create and manage proftpd virtual users, we use ftpasswd, which stores the virtual user information in the /etc/proftpd/ftpd.passwd and /etc/proftpd/ftpd.group files. These two files correspond to AuthUserFile and AuthGroupFile in the proftpd configuration file.

Suppose we want to create FTP virtual users with the same UID as the www-data user. First, find its UID value:

~]$ cat /etc/passwd | grep www-data
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin

As you can see, the UID of www-data is 33, and its group ID (GID) is 33.

Create two virtual users: user1 and user2

~]$ ftpasswd --passwd --file=/etc/proftpd/ftpd.passwd --name=user1 --uid=33 --gid=33 --home=/var/www/html/user1 --shell=/bin/false             
ftpasswd: using alternate file: /etc/proftpd/ftpd.passwd
ftpasswd: creating passwd entry for user user1

ftpasswd: /bin/false is not among the valid system shells.  Use of
ftpasswd: "RequireValidShell off" may be required, and the PAM
ftpasswd: module configuration may need to be adjusted.


Password: 
Re-type password: 

ftpasswd: entry created
~]$ ftpasswd --passwd --file=/etc/proftpd/ftpd.passwd --name=user2 --uid=33 --gid=33 --home=/var/www/html/user2 --shell=/bin/false
ftpasswd: using alternate file: /etc/proftpd/ftpd.passwd
ftpasswd: creating passwd entry for user user2

ftpasswd: /bin/false is not among the valid system shells.  Use of
ftpasswd: "RequireValidShell off" may be required, and the PAM
ftpasswd: module configuration may need to be adjusted.


Password: 
Re-type password: 

ftpasswd: entry created

A notice appears during creation, suggesting the configuration item RequireValidShell off. This configuration item can be found in the /etc/proftpd/proftpd.conf configuration file.

Create a group file as follows:

~]$ ftpasswd --group --name=www-data --file=/etc/proftpd/ftpd.group --gid=33 --member user1,user2
ftpasswd: using alternate file: /etc/proftpd/ftpd.group
ftpasswd: updating group entry for group www-data
ftpasswd: entry updated

Let's see what is in both files:

~]$ cat ftpd.passwd 
user1:$1$elbFOuqM$Z0FfP9GhwMLIZza4m27ie.:33:33::/var/www/html/user1:/bin/false
user2:$1$RQfV4FlC$dOVVecDeUlSpKkvwUz4dow:33:33::/var/www/html/user2:/bin/false
~]$ cat /etc/proftpd/ftpd.group 
www-data:x:33:user1,user2
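
The following audit of an AuthUserFile in the format shown above is an added example, not part of the original article. The function name audit_authuserfile, the /var/www/html base directory and the sample entries (constructed, with placeholder hashes) are assumptions.

```sh
#!/bin/sh
# Added example (not from the article): audit an AuthUserFile written by ftpasswd.
# Prints one "user: finding" line per problem; prints nothing for a clean file.
audit_authuserfile() {
    file=$1
    base=${2:-/var/www/html}   # assumption: virtual users live under the web root
    # The file holds password hashes, so "other" should have no access to it.
    other=$(ls -ld -- "$file" | cut -c8-10)
    [ "$other" = "---" ] || echo "FILE: accessible to other users ($other)"
    awk -F: -v base="$base" '
        /^[ \t]*(#|$)/ { next }    # skip comments and blank lines
        NF != 7 { print $1 ": malformed entry (" NF " fields, expected 7)"; next }
        {
            if ($2 ~ /^\$1\$/)
                print $1 ": MD5-crypt hash, weak against offline cracking"
            else if ($2 !~ /^\$[56]\$/)
                print $1 ": hash is not SHA-256/SHA-512 crypt"
            if ($3 == 0 || $4 == 0)
                print $1 ": maps to uid or gid 0"
            if (index($6 "/", base "/") != 1 || $6 ~ /\.\./)
                print $1 ": home " $6 " is outside " base
        }' "$file"
}

# Constructed sample entries; the hashes are placeholders, not real ones.
demo() {
    tmp=$(mktemp) && chmod 644 "$tmp"
    cat > "$tmp" <<'EOF'
user1:$1$CONSTRUCT$placeholderhash000000:33:33::/var/www/html/user1:/bin/false
user2:$6$CONSTRUCT$placeholderhash000000:33:33::/var/www/html/user2:/bin/false
backup:$6$CONSTRUCT$placeholderhash000000:0:0::/root:/bin/false
broken:$6$CONSTRUCT$placeholderhash:33:33:/var/www/html/broken
EOF
    audit_authuserfile "$tmp"
    rm -f "$tmp"
}
demo
```

Because every virtual user here shares UID 33, the home-directory check matters: file permissions alone do not separate user1 from user2, only the chroot does.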

Other uses of ftpasswd tool

The password is stored in hashed form, not in plain text. To change the password, use the ftpasswd tool:

~]$ ftpasswd --passwd --file=/etc/proftpd/ftpd.passwd --name=test --change-password

Locking and unlocking users with ftpasswd:

~]$ ftpasswd --passwd --file=/etc/proftpd/ftpd.passwd --name=test2 --lock
~]$ ftpasswd --passwd --file=/etc/proftpd/ftpd.passwd --name=test2 --unlock

Deleting a user with ftpasswd:

~]$ ftpasswd --passwd --file=/etc/proftpd/ftpd.passwd --name=test --delete-user

Once we have the virtual user information, we need to associate it with the /etc/proftpd/proftpd.conf configuration file by adding the following configuration information:

DefaultRoot ~
RequireValidShell off
AuthUserFile /etc/proftpd/ftpd.passwd
AuthGroupFile /etc/proftpd/ftpd.group
AuthOrder mod_auth_file.c

Restart the proftpd background service:

~]$ systemctl restart proftpd.service

Encountering the 530 Login incorrect problem

If you get a 530 login error when logging in with an FTP client, you cannot log in to the FTP service. Open the /var/log/proftpd/proftpd.log log file on the server; you may see a user not found message. In that case, you may have forgotten to add the AuthOrder mod_auth_file.c line to the configuration file.
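
A quick way to check for that omission, and for the other directives this tutorial relies on, is sketched below as an added example that is not part of the original article. The function name check_proftpd_conf and both sample configurations (constructed) are assumptions, and only a single file is read, without following Include.

```sh
#!/bin/sh
# Added example (not from the article): list which of the directives used in
# this tutorial are missing or still commented out in a proftpd.conf.
# Assumption: only the given file (or stdin) is read; Include files are not followed.
check_proftpd_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }    # a commented-out directive is not active
        { d = tolower($1); arg[d] = $2; line[d] = $0 }
        END {
            if (arg["defaultroot"] != "~")
                print "DefaultRoot ~ is not active: users can browse outside their home"
            if (tolower(arg["requirevalidshell"]) != "off")
                print "RequireValidShell off is not active"
            if (arg["authuserfile"] == "")
                print "AuthUserFile is not set"
            if (arg["authgroupfile"] == "")
                print "AuthGroupFile is not set"
            if (line["authorder"] !~ /mod_auth_file\.c/)
                print "AuthOrder does not list mod_auth_file.c: virtual users are not found"
        }' "$@"
}

# Constructed input: the chroot line is still commented and AuthOrder is missing.
weak_conf() {
    cat <<'EOF'
ServerName "Debian"
# DefaultRoot ~
RequireValidShell off
AuthUserFile /etc/proftpd/ftpd.passwd
AuthGroupFile /etc/proftpd/ftpd.group
EOF
}

# Constructed input: the five lines the tutorial adds.
fixed_conf() {
    cat <<'EOF'
DefaultRoot ~
  RequireValidShell off
  AuthUserFile /etc/proftpd/ftpd.passwd
  AuthGroupFile /etc/proftpd/ftpd.group
  AuthOrder mod_auth_file.c
EOF
}

weak_conf | check_proftpd_conf
```

With AuthOrder mod_auth_file.c as the only listed module, accounts from /etc/passwd such as ftp2 are no longer consulted, so only the virtual users can log in.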
