ProFTPd create different virtual hosts for different users
Solution 1
you don't need anything that fancy. all you need to do is set their HomeDir to something different and then use chroot by setting DefaultRoot ~
in your config. when each user logs in (regardless of name used to access it) they will be stuck in their directory. no virtual hosts needed (As they would need separate IPS or ports since FTP doesn't have name based virtual hosting like HTTP)
Solution 2
You can use chroot
# useradd -s /sbin/nologin -d /var/ftpfolder1 ftpuser1
# useradd -s /sbin/nologin -d /var/ftpfolder2 ftpuser2
Add the following option in proftpd.conf
DefaultRoot ~ !adm
<Global>
RequireValidShell no
...
</Global>
And restart the server. If you really need virtual host you could try something like following
<VirtualHost ftpsite1.domain.com>
ServerName "FTP1."
DefaultRoot ~
Umask 002
Port 21
<LIMIT LOGIN>
AllowUser ftpuser1
</LIMIT>
</VirtualHost>
<VirtualHost ftpsite2.domain.com>
ServerName "FTP2."
DefaultRoot ~
Umask 002
Port 21
<LIMIT LOGIN>
AllowUser ftpuser2
</LIMIT>
</VirtualHost>
Related videos on Youtube
tobia.zanarella
Updated on September 18, 2022Comments
-
tobia.zanarella almost 2 years
I'm totally new to ProFTPd server and I really can't find out how to configure what I need. I'd like to have some explanations on Virtual Servers and Per-directory rules.
I'm running Debian Debian Linux 6.0.7 (Squeeze) and ProFTPd version 1.33.
What I need is that 2 different users (let's say
ftpuser1
andftpuser2
, which I've already created as Unix users on the server) can have access via FTP to 2 different folders (/var/ftpfolder1
for ftpuser1 and/var/ftpfolder2
forftpuser2
).I mean, if ftpuser1 connects via FTP (for example with FileZilla client) to my server, he has to be able to access ONLY to the folder
/var/ftpfolder1
(the same for user "2"). They CAN'T see any other folder in the server.I think the best way is to give the two users two different URLs that point to the same IP (same server), ie.
ftpsite1.domain.com
forftpuser1
andftpsite2.domain.com
forftpuser2
.
So I tried to create a Virtual Server for user 1 and another for user 2 searching the internet for some tutorials on the subject, but I can't reach my desired result. I've also tried configuring per-directory directives without any success. The problem is that the users are able to connect to the server via FTP, but they can see only their HOME folders and not the folders I want.Here you'll find my attempted configuration.
I'd also like to understand from you the difference between a Virtual Server and a per-directory directive. I mean: I imagine that it's something similar to what Apache can do... But I really can't totally understand how to configure them properly.
Thank you.
Attempted directory configuration
ftpuser1
<Directory /var/ftpfolder1> <Limit ALL> DenyAll </Limit> <Limit ABOR APPE LIST MLSD NLST NOOP OPTS REST STOR PASS FEAT PWD USER CWD> DenyAll AllowUser ftpuser1 </Limit> </Directory>
ftpuser2
<Directory /var/ftpfolder2> <Limit ALL> DenyAll </Limit> <Limit ABOR APPE LIST MLSD NLST NOOP OPTS REST STOR PASS FEAT PWD USER CWD> DenyAll AllowUser ftpuser2 </Limit> </Directory>
Attempted virtual server configuration
ftpuser1
<VirtualHost ftpsite1.domain.com> ServerName "FTP for user 1" #Port 21 #Umask 027 <Limit LOGIN> DenyAll AllowUser ftpuser1 </Limit> <snt_ftp /var/ftpfolder1> User ftpuser1 Group proftpdusers UserAlias ftpuser1 <Limit LOGIN> AllowAll </Limit> <Limit WRITE> DenyAll AllowUser ftpuser1 </Limit> </snt_ftp> </VirtualHost>