How To Install And Customize ProFTPd on Linux

Installation

For Debian-based systems, execute the command:

user@localhost: ~ sudo apt update

Optionally:

user@localhost: ~ sudo apt upgrade

Install the latest version available for your distribution with the following command:

user@localhost: ~ sudo apt-get install proftpd

During installation, the system will ask how you want your server to run. Choose standalone.

Customization

Open the configuration file in an editor:

user@localhost: ~ sudo nano /etc/proftpd/proftpd.conf

If you need an isolated environment for each account, find and uncomment the line:

DefaultRoot ~

so that users cannot leave their home directory.

RootLogin off

The root user will not be able to log in to the server. If this entry is missing, you can add it.

AllowOverwrite on

Overwriting files is allowed.

That completes the basic setup. Restart the server:

user@localhost: ~ sudo /etc/init.d/proftpd restart

Creating user accounts

Add virtual users. First, create a file with the users:

ftpasswd --passwd --file=/etc/proftpd/ftpd.passwd --name=test --uid=90 --gid=90 --home=/var/www/my_beautiful_site --shell=/bin/false

This creates a user “test” with uid and gid 90, home directory /var/www/my_beautiful_site and shell /bin/false. Specifying the group and user ID lets you avoid problems with file permissions. For example, 90 will be the default for the Apache user (www-data).

As a result, we get the ftpd.passwd file with content like this:

test:$3ret732fghaF$Jsdfrterethfdfg/HrRE.:90:90::/var/www/my_beautiful_site:/bin/false

You can use this command to change the user’s password:

ftpasswd --passwd --name=test --change-password --file=/etc/proftpd/ftpd.passwd

For AuthGroupFiles, use --group:

ftpasswd --group --name=group-name --gid=group-id --member=user-member1 \
    --member=user-member2 … --member=user-memberN

Make sure the following value is set, otherwise the virtual user will not be able to log in:

RequireValidShell off

With this setting the server does not check whether the user has a valid shell.

AuthUserFile /etc/proftpd/ftpd.passwd

Path to the file with the list of users.

If you need access only for virtual users:

AuthOrder mod_auth_file.c

Restart the proftpd service.

user@localhost: ~ sudo systemctl restart proftpd
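The settings from the steps above can be checked with a small audit script. This is an added example, not part of the original article: the function names and the sample files are constructed for illustration, and it assumes the directives are set explicitly and spelled exactly as in this article. The AuthOrder check applies only if you want access for virtual users only.

```shell
#!/bin/sh
# Added example: audit a proftpd.conf for the directives set in this article.

# Print the last uncommented value of directive $2 in config file $1.
directive_value() {
    awk -v name="$2" '
        { sub(/#.*/, "") }                        # strip comments
        $1 == name { $1 = ""; sub(/^[ \t]+/, ""); val = $0 }
        END { print val }' "$1"
}

# Check that directive $2 in file $1 has a value matching shell pattern $3.
expect_directive() {
    val=$(directive_value "$1" "$2")
    case $val in
        $3) echo "ok    $2 $val"; return 0 ;;
        *)  echo "FAIL  $2 is '${val:-unset}', want '$3'"; return 1 ;;
    esac
}

# Run every check; the return status is the number of failed checks.
audit_proftpd_conf() {
    conf=$1; fails=0
    expect_directive "$conf" DefaultRoot '~*'          || fails=$((fails + 1))
    expect_directive "$conf" RootLogin off             || fails=$((fails + 1))
    expect_directive "$conf" RequireValidShell off     || fails=$((fails + 1))
    expect_directive "$conf" AuthOrder mod_auth_file.c || fails=$((fails + 1))
    pw=$(directive_value "$conf" AuthUserFile)
    if [ -z "$pw" ] || [ ! -f "$pw" ]; then
        echo "FAIL  AuthUserFile '${pw:-unset}' not found"; fails=$((fails + 1))
    elif [ -n "$(find "$pw" -perm -004)" ]; then
        echo "FAIL  $pw is world-readable, hashes exposed"; fails=$((fails + 1))
    else
        echo "ok    AuthUserFile $pw"
    fi
    return "$fails"
}

# Constructed sample (not a real server's files): writes a config and a
# passwd file into directory $1 and prints the path of the config.
write_sample() {
    printf 'test:$1$constructed$hash:90:90::/var/www/my_beautiful_site:/bin/false\n' \
        > "$1/ftpd.passwd"
    chmod 640 "$1/ftpd.passwd"
    printf '%s\n' '# RootLogin on' 'DefaultRoot ~' 'RootLogin off' \
        'RequireValidShell off' "AuthUserFile $1/ftpd.passwd" \
        'AuthOrder mod_auth_file.c' > "$1/proftpd.conf"
    echo "$1/proftpd.conf"
}
```

To use it on a real server, source the file and run audit_proftpd_conf /etc/proftpd/proftpd.conf; a non-zero status is the number of findings.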

Open the FTP service in the firewall

If you have firewalld, execute these commands:

user@localhost: ~ sudo firewall-cmd --zone public --add-service=ftp
user@localhost: ~ sudo firewall-cmd --runtime-to-permanent

For iptables, insert the following lines before the prohibiting rules (this depends strongly on your current settings; before adding them, look at the existing rules with the command iptables -nvL --line-numbers):

user@localhost: ~ sudo modprobe ip_conntrack_ftp
user@localhost: ~ sudo nano /etc/modules

Add line:

ip_conntrack_ftp

user@localhost: ~ sudo iptables -I INPUT 3 -p tcp --dport 21 -j ACCEPT
user@localhost: ~ sudo iptables -A OUTPUT -p tcp -m tcp --dport 21 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
user@localhost: ~ sudo iptables -I INPUT 3 -p tcp -m tcp --dport 20 -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
user@localhost: ~ sudo iptables -A OUTPUT -p tcp -m tcp --dport 20 -m conntrack --ctstate ESTABLISHED -j ACCEPT
user@localhost: ~ sudo iptables -I INPUT 3 -p tcp -m tcp --sport 1024: --dport 1024: -m conntrack --ctstate ESTABLISHED -j ACCEPT
user@localhost: ~ sudo iptables -A OUTPUT -p tcp -m tcp --sport 1024: --dport 1024: -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
