FTP locked to the webroot on Ubuntu 12 with vsftpd

Sequence of events:

  1. Install vsftpd
  2. Configure the vsftpd config file to correct upload permissions and lock user to their home directory
  3. Create an ftp user
  4. Make the home directory of the ftp user that of the web root
  5. VSFTPD bug fix: make the webroot read-only, place a subfolder in the webroot which is writable
  6. Point apache to the new webroot

Install vsftpd

sudo apt-get install vsftpd

Configure the config file

1 – Access the config file for the vsftpd:

sudo vi /etc/vsftpd.conf

2 – Use the following setup. This locks users to their home directory and ensures uploads are set to 0755 and not 0600 (meaning that the files are readable from a browser). The notes (#notes) are pretty self-explanatory:

#these settings essentially mean that the uploads will be uploaded with 0755 as their permissions

After making the changes to the conf file you will need to restart vsftpd for the changes to take effect:

sudo /etc/init.d/vsftpd restart

Create an ftp user

This guide should be enough to get you sorted with the creation of a new user.

https://help.ubuntu.com/community/AddUsersHowto#Command-line 

  
Make the home directory of the ftp user that of the web root
The main thing to remember here, if you haven’t done this before, is that the main details of all the users on your server are stored in a file at the following location:

/etc/passwd

Open this file and scroll down to the ftp user you have just created (note that this file is ‘:’-delimited). The penultimate field on your user’s line is the user’s home directory. Simply change this to the current webroot of your Apache server, e.g.:

ftp_user:x:1003:1004:ftp_user,,,:/var/www:/bin/bash 

VSFTPD bug fix
1 – Make the webroot read-only and place a writable subfolder inside it. This can be done in many ways; one way is to first create the folder within www, e.g. ‘public_html’, then move all the existing contents into that folder. You can use the command line, Webmin, cPanel, or FileZilla over an SFTP connection.
The reason you have to do this is that vsftpd doesn’t allow connections into a writable directory. Bug or not, it is not ideal, but it is apparently due to a security flaw.

2 – Last but not least, point Apache to the new webroot you have just created. This is very dependent on your server setup. However, for a straightforward setup, i.e. no multiple vps, the file you need to change lives here:

/etc/apache2/sites-available/default

Open and edit so the top lines look like this (remember, public_html is just what I named the www subdirectory; change if needed):

Now restart Apache and you should be good to go:

sudo /etc/init.d/apache2 restart
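
To confirm the layout from the "VSFTPD bug fix" step before testing an FTP login, the following script audits the read-only webroot and its writable subfolder. It is an added example, not part of the original post. The function names and the file name check_layout.sh are hypothetical, and treating any write bit on the webroot as a failure (plus requiring that the FTP user not own it) is a conservative rule chosen for this example.

```shell
#!/bin/sh
# Added example: audit the read-only webroot / writable subfolder layout.
# Mode bits are parsed from `ls -ld`, so the answer is the same when run as
# root (where a `[ -w dir ]` test would always succeed).

dir_mode()  { ls -ld "$1" | cut -c1-10; }        # e.g. dr-xr-xr-x
dir_owner() { ls -ld "$1" | awk '{print $3}'; }  # owning user name

# has_write_bit DIR: true if owner, group or other has the w bit set.
has_write_bit() {
    case "$(dir_mode "$1")" in
        ??w???????|?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# check_chroot_layout ROOT SUBDIR FTP_USER
# Returns 0 only if ROOT has no write bits and is not owned by FTP_USER,
# and ROOT/SUBDIR exists with the owner write bit set.
check_chroot_layout() {
    root=$1; sub=$1/$2; user=$3; rc=0
    if [ ! -d "$root" ] || [ ! -d "$sub" ]; then
        echo "FAIL: $root and $sub must both be directories"
        return 1
    fi
    if has_write_bit "$root"; then
        echo "FAIL: $root is writable ($(dir_mode "$root")); fix: chmod a-w $root"
        rc=1
    fi
    if [ "$(dir_owner "$root")" = "$user" ]; then
        echo "FAIL: $root is owned by $user, who can chmod it writable again"
        rc=1
    fi
    case "$(dir_mode "$sub")" in
        ??w*) ;;
        *) echo "FAIL: $sub has no owner write bit; uploads will fail"
           rc=1 ;;
    esac
    if [ "$rc" -eq 0 ]; then
        echo "OK: $root is read-only, $sub is writable"
    fi
    return "$rc"
}

# Usage: sh check_layout.sh /var/www public_html ftp_user
if [ "$#" -eq 3 ]; then
    check_chroot_layout "$@"
fi
```

The script only inspects mode bits and ownership; it does not check ACLs or who owns the subfolder.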
