Fornex

By default, only the superuser root is available on the server. Connection with root via FTP is not possible for security reasons (unencrypted password is used). If you need to set up a new ftp user manually when there is no ISPmanager control panel on the server, you should do it manually:

Install proftpd (if installed, skip it):

Debian/Ubuntu

apt-get install proftpd

CentOS

yum install proftpd

If the server does not start automatically, use 

service proftpd start

Limiting ftp users outside the home directory

This article assumes the ProFTPd default configuration, in which case a user can go outside his home directory, and although he probably has no rights to access other folders, if the server is not strictly configured this might pose a security risk. You can solve this problem by adding a single line to your proftpd.conf file: 

DefaultRoot ~

You can add it to the end of the file. After saving, restart the ftp server: 

service proftpd restart

Create a new ftp user

Normal ftp users do not need to have shell access. Before creating new users, run the command: 

echo '/bin/false' >> /etc/shells

Create a user: 

useradd username -d /home/folder_name -m -s /bin/false  
passwd username

  • user_name must be replaced by a non-occupied name and an appropriate group, assigned and created the -m key can be omitted if a directory already exists home directory /home/folder_name and chose /bin/false** as the user shell, thus disabling it for security reasons

  • passwd we have created the required password for the user.

*** shell access**

If you want to give the user shell access, specify the path to any active shell instead of /bin/false, e.g: 

/bin/sh

Or 

/bin/bash

Users of the normal ftp protocol do not need shell access, so it is safer not to give it.

Position of proftpd.conf

The proftpd.conf configuration file may be in different locations, depending on your OS version:

  • Debian: /etc/proftpd/proftpd.conf

  • CentOS: /etc/proftpd.conf

  • Ubuntu: /etc/proftpd.conf

Restricting ftp user rights*

If required you can close the write permissions for a user, e.g. to the home directory and leave them only for some internal folder, e.g. upload:

As root, change the permissions:

chmod 555 /home/folder_name
mkdir /home/folder_name/upload
chown username:username /home/folder_name/upload

The second_user_name** is the group name, which by default is the same as the user name you created.

Updated Feb. 11, 2019