FTP SETUP
I set everything up with vsftpd
Install
As root
apt-get install vsftpd libpam-pwdfile
Edit /etc/vsftpd.conf, comment out everything and put this at the bottom:
# CUSTOM FOR EXAMPLE "ACME"
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
local_root=/home/wwwgeneral/sites/acme_dropbox/acme_dropbox
chroot_local_user=YES
allow_writeable_chroot=YES
hide_ids=YES
# virtual user settings
user_config_dir=/etc/vsftpd_user_conf
guest_enable=YES
virtual_use_local_privs=YES
pam_service_name=vsftpd
nopriv_user=vsftpd
guest_username=vsftpd
# Enable passive mode
pasv_enable=YES
pasv_max_port=12100
pasv_min_port=12000
port_enable=YES
pasv_address=52.22.81.201
This setup allows us to create virtual users that point to various directories under the website dir /home/wwwgeneral/sites/acme_dropbox/acme_dropbox
Also, the pasv_address IP should be the static IP of the server.
Create the FTP parent user in the www-data group (so apache and the ftp user can edit the same folders)
useradd --home /home/vsftpd --gid www-data -m --shell /bin/false vsftpd
Create a virtual user (first time)
mkdir /etc/vsftpd
htpasswd -cd /etc/vsftpd/ftpd.passwd [username]
Set up the PAM config to use our username/password system
nano /etc/pam.d/vsftpd
Comment out everything in this file and put in the following so our virtual users can log in
auth required pam_pwdfile.so pwdfile /etc/vsftpd/ftpd.passwd
account required pam_permit.so
Virtual user configs will live in /etc/vsftpd_user_conf/ so each user needs a file here, e.g. /etc/vsftpd_user_conf/user1
vim /etc/vsftpd_user_conf/user1
local_root=/home/wwwgeneral/sites/acme_dropbox/acme_dropbox/foobar
Restart FTP
service vsftpd restart
Create additional users
Create the user and password for user2
htpasswd -d /etc/vsftpd/ftpd.passwd user2
Create the config
vim /etc/vsftpd_user_conf/user2
local_root=/home/wwwgeneral/sites/acme_dropbox/acme_dropbox/foobar
Restart
service vsftpd restart
Remove user
vim /etc/vsftpd/ftpd.passwd
Delete the user's line from the file, then remove their config
rm /etc/vsftpd_user_conf/[user]
Restart
service vsftpd restart
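For passwords longer than 8 characters
htpasswd -d uses crypt(), which only looks at the first 8 characters of the password, so store an MD5-crypt hash generated by openssl instead. Note that -c recreates the password file, so use it only for the first user.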
htpasswd -c -p -b /etc/vsftpd/ftpd.passwd user1 $(openssl passwd -1 -noverify password)
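An added example (not part of the original notes): a shell function that audits the virtual-user setup described above. It flags password entries still in the 8-character crypt() format, users without a per-user config, local_root values outside the dropbox directory, and config files left behind after a user was removed. The function name, finding labels and sample data are made up for this example.

```shell
#!/bin/sh
# Added example: audit vsftpd virtual users. Default paths are the ones used on
# this page; the function name and finding labels are made up for this sketch.
audit_vsftpd_users() {
    passwd_file=${1:-/etc/vsftpd/ftpd.passwd}
    conf_dir=${2:-/etc/vsftpd_user_conf}
    base=${3:-/home/wwwgeneral/sites/acme_dropbox/acme_dropbox}
    while IFS=: read -r user hash rest; do
        [ -n "$user" ] || continue
        # No "$id$" or "{SCHEME}" prefix means classic crypt() from htpasswd -d,
        # which ignores everything after the 8th password character.
        case $hash in
            '$'*|'{'*) ;;
            *) echo "CRYPT8 $user" ;;
        esac
        if [ ! -f "$conf_dir/$user" ]; then
            echo "NO_CONFIG $user"   # only the global vsftpd.conf settings apply
            continue
        fi
        # Last local_root line wins; no line means the global local_root applies.
        root=$(sed -n 's/^local_root=//p' "$conf_dir/$user" | tail -n 1)
        case ${root:-$base}/ in
            */../*) echo "OUTSIDE_BASE $user $root" ;;
            "$base"/*) ;;
            *) echo "OUTSIDE_BASE $user $root" ;;
        esac
    done < "$passwd_file"
    # Config files left behind after a user was deleted from the password file.
    for conf in "$conf_dir"/*; do
        [ -f "$conf" ] || continue
        awk -F: -v n="${conf##*/}" '$1 == n { f = 1 } END { exit !f }' "$passwd_file" ||
            echo "ORPHAN_CONFIG ${conf##*/}"
    done
}

# Constructed sample data (not from a real server) so the audit runs offline.
demo() {
    d=$(mktemp -d)
    mkdir "$d/conf"
    printf '%s\n' 'user1:$1$Xy12abcd$0123456789abcdefghijk.' \
        'user2:abJnggxhB/yWI' 'user3:$1$Qw34efgh$abcdefghijk0123456789.' > "$d/passwd"
    echo 'local_root=/srv/base/foobar' > "$d/conf/user1"
    echo 'local_root=/srv/base/../../etc' > "$d/conf/user2"
    echo 'local_root=/srv/base/old' > "$d/conf/olduser"
    audit_vsftpd_users "$d/passwd" "$d/conf" /srv/base
    rm -rf "$d"
}
demo
```

On the server, call audit_vsftpd_users with no arguments as root to check the real files; each output line is one finding.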
PERMISSIONS
We need to make sure folders created under acme_dropbox get the correct permissions.
Since our FTP user is in www-data and so is Apache, we can set default group permissions recursively
setfacl -R -d -m u::rwx acme_dropbox
setfacl -R -d -m g::rwx acme_dropbox