# apt-get install proftpd
When asked to select inetd or standalone, choose standalone
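Install adduser.sh, yet another script that adds users. It is downloaded over plain HTTP with no integrity check and is then run as root, so read it before installing it.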
# wget http://kod.ipduh.com/lib/adduser.sh # chmod 700 adduser.sh # mv adduser.sh /bin
Add a dummy shell to the system's list of allowed shells (by default proftpd only lets a user log in if their shell is listed in /etc/shells)
# echo "/usr/bin/nologin" >> /etc/shells
Add a user
# adduser.sh Add User: Enter GROUPID : 8880 Enter GROUPNAME : ftpusers Enter USERID : 8881 Enter USERNAME : userftp Enter USER HOME DIRECTORY ( Or hit enter for /home/userftp ): /data/userftp Enter USERSHELL : /usr/bin/nologin Enter USERCOMMENT : ftpuser Enter new UNIX password: Retype new UNIX password: passwd: password updated successfully User:userftp:x:8881:8880:ftpuser:/data/userftp:/usr/bin/nologin Group:ftpusers:x:8880: userftp home Dir /data/userftp long listing: total 20 4 drwxr-xr-x 2 userftp ftpusers 4096 Apr 24 14:09 . 4 drwxr-xr-x 4 root root 4096 Apr 24 14:09 .. 4 -rw-r--r-- 1 userftp ftpusers 220 Apr 24 14:09 .bash_logout 4 -rw-r--r-- 1 userftp ftpusers 3184 Apr 24 14:09 .bashrc 4 -rw-r--r-- 1 userftp ftpusers 675 Apr 24 14:09 .profile .
Delete /data/userftp/.bash_logout , /data/userftp/.bashrc , /data/userftp/.profile
# rm /data/userftp/.bas* # rm /data/userftp/.pro*
In /etc/proftpd/proftpd.conf
uncomment DefaultRoot and make sure it is set to ~, so that each user is confined to their own home directory
# grep DefaultRoot /etc/proftpd/proftpd.conf
DefaultRoot ~
Optionally, disable IPv6
UseIPv6 off
and enable extended logs
ExtendedLog /var/log/proftpd/extftp.log
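Deny FTP access to all other users by listing them in /etc/ftpusers. Note that grep -v userftp drops every passwd line that contains that string anywhere, so an account such as userftp2 would also be left off the deny list, and that the list is a snapshot: accounts created later have to be added to /etc/ftpusers by hand.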
# cat /etc/passwd |grep -v userftp | awk -F : '{print $1}' > /etc/proftpd/no-ftp-users # cat /etc/ftpusers >> /etc/proftpd/no-ftp-users # cat /etc/proftpd/no-ftp-users | sort | uniq > /etc/proftpd/no-ftp-users.uniq # cp /etc/proftpd/no-ftp-users.uniq /etc/ftpusers
Restart proftpd
# /etc/init.d/proftpd restart Stopping ftp server: proftpd. Starting ftp server: proftpd.
Test
# touch /data/userftp/blah # chown 8881.8880 /data/userftp/blah ftp localhost Connected to localhost. 220 ProFTPD 1.3.3a Server ready. Name (localhost:gone): userftp 331 Password required for userftp Password: 230 User userftp logged in Remote system type is UNIX. Using binary mode to transfer files. ftp> dir 200 PORT command successful 150 Opening ASCII mode data connection for file list -rw-r--r-- 1 userftp ftpusers 0 Apr 24 11:11 blah 226 Transfer complete ftp> quit 221 Goodbye.
Test from another host on the same LAN, e.g. a RouterBOARD-powered machine.
[ipduh@ath-rox] > tool fetch address=10.3.77.3 mode=ftp password=userftpsomepassword user=userftp port=21 host="" dst-path=blah src-path=blah scii=yes status: finished [ipduh@ath-rox] >
Done!
However, if you don't absolutely need FTP, disable or uninstall proftpd and configure SFTP instead ;) Plain FTP sends the user name, the password and the files unencrypted.
FTP server on Debian GNU Linux - proftpd