I want to install on my server CentOS 6.7 system, which has Apache’s virtual hosts, a ProFTP server (using SSH FTP), so I can have a user to access the files on such virtual host only.
For example, thru FileZilla, the user ftpsecure will connect to virtualhost www dot mydomain dot org (located in IP 1.2.3.4) thru port 3303 (for example). And this user will only see the files in virtual host www dot mydomain dot org.
I suppose the ftpsecure user already exists in the CentOS 6.7 system, and is part of the ftpusers group, and has NO shell and no home dir.
If it is possible, please explain how to install and config the security files (PAM or SSL or whatever is correct).
If I am saying something inaccurate, please forgive me, ;D
Thank you very much!!!
Long titles are great and much appreciated! No need for apology, in fact it is the opposite.
I just published the article on how to set up ProFTPD FTP server on CentOS 7. I understand that your server is CentOS 6 but I thought since it is quite old already why waste time, and instead write about CentOS 7 and then simply point out the differences.
As it turns out the setup of ProFTPD FTP server on CentOS 7 and CentOS 6 is exactly the same. The only difference is how you open the firewall port. On CentOS 6 you still need to use iptables whereas on CentOS 7 we can use the firewall-cmd command.
Scenario:
I’m assuming that we need to get FTP running on host ftp.example.com on port 3303. That we need a single user e.g. luna to access directory /var/www/html/my-site. I’m also assuming that the port 3303 is already opened hence firewall is not blocking incoming packets to this port.
Configure ProFTPD ftp server to listen on port 3303 instead of default port 21:
# echo "Port 3303" >> /etc/proftpd.conf
# service proftpd restart
At this point do not set up passive FTP mode yet. Make sure that your FTP is set to create “active” FTP connection. If you do set up passive ftp mode make sure that your firewall caters for additional incoming ports as set by ProFTPD’s PassivePorts directive.
Create user: Be careful with permissions here! Make sure that you know what you are doing! I do not know your exact environment so do not want to give you a wrong suggestion:
I have 3 virtual hosts on my machine (same IP all of them, and WordPress installations, by the way).
For each virtual host do I configure the ProFTP server as you mentioned in the above scenario? If so, where? This is not clear for me. In file:
/etc/proftpd.conf ?
And each virtual host should be on each different port? Or the three vhosts on the same port? Maybe I misunderstood that the access directory might be any directory at all, and so I can put 1 ftp user to access the 3 vhosts from the
/var/www
directory. Is this true?
For ftp service, and regarding ownership of files: Instead of
# chown -R root:luna /var/www/html/my-site
is it OK if I do
# chown -R apache:luna /var/www/html/my-site
so I can upload files to my site either using the self-uploading WP feature or using the ProFTPD server?
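Added example, not part of the original thread: the ownership question above turns on which paths the web server account ends up able to modify under the site directory. The function `writable_by` and the sample tree are constructed for illustration; the check looks only at owner, one group and the world-writable bit.

```sh
#!/bin/sh
# writable_by USER GROUP DIR  (names or numeric ids)
# Prints every path under DIR that USER could modify:
#   - anything USER owns (an owner can always chmod the file back to writable)
#   - group-writable paths (-perm -020) whose group is GROUP
#   - world-writable paths (-perm -002)
# A listed directory means its entries can be replaced or deleted even when
# the files inside are read-only.
# Assumption: GROUP is the only group USER is in; ACLs are not considered.
writable_by() {
    find "$3" ! -type l \( \
        -user "$1" -o \
        \( -group "$2" -perm -020 \) -o \
        -perm -002 \
    \) -print | sort
}

# Constructed sample tree standing in for a site directory; owned by the
# caller so the demo runs without root.
make_sample_site() {
    site=$(mktemp -d) || return 1
    mkdir "$site/uploads"
    : > "$site/index.php"
    : > "$site/wp-config.php"
    chgrp -R "$(id -g)" "$site"
    chmod 750 "$site"
    chmod 640 "$site/index.php"
    chmod 660 "$site/wp-config.php"
    chmod 770 "$site/uploads"
    printf '%s\n' "$site"
}

demo_site=$(make_sample_site)
my_uid=$(id -u); my_gid=$(id -g)
echo "account owns the tree:"
writable_by "$my_uid" "$my_gid" "$demo_site"
echo "account is only in the tree's group:"
writable_by "$((my_uid + 1))" "$my_gid" "$demo_site"
echo "account is neither owner nor group member:"
writable_by "$((my_uid + 1))" "$((my_gid + 1))" "$demo_site"
rm -rf "$demo_site"
```

On a real server the call would be run as root against the site directory with the web server's account and group as the first two arguments.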
If all hosts are on the same IP address then configure the ProFTPD and its relevant SSL for a single hostname. No point to have multiple.
Here is what you can try.
Once you are ready perhaps the best solution is to create multiple users each with access to a different site. I’m working here under the assumption that group apache has write access to all relevant directories. For example: