7 steps how to create an FTP user with access to specific directories

This post describes how to create an FTP user whose access is restricted to a specific directory. With vsftpd's chroot enabled, the user can only see and work inside that folder and cannot change to any directory above it.

Let's create an FTP user with access to a specific directory:

Step 1: First, configure an FTP server. The steps below assume vsftpd on a RHEL/CentOS-style system. Check that /etc/vsftpd/vsftpd.conf has local_enable=YES (local system users may log in) and, if the user should be able to upload, write_enable=YES; without local_enable the login in the test at the end fails.

Step 2: Set "chroot_local_user" to YES

Set the parameter below in /etc/vsftpd/vsftpd.conf to YES; if the line is commented out with a leading #, remove the #. With this setting vsftpd confines (chroots) every local user to their home directory after login, so the user created below will only ever see the directory assigned as their home.

chroot_local_user=YES

Caveat: vsftpd 2.3.5 and later refuse to log in a user whose chroot root directory is writable ("500 OOPS: vsftpd: refusing to run with writable root inside chroot()"). The version used in this post (vsFTPd 2.2.2, see the banner in the test at the end) predates that check. On a newer version, keep the home directory owned by root and not writable by the user, and give the user a writable subdirectory inside it, rather than switching the check off with allow_writeable_chroot=YES.

Step 3: Restart the FTP service so the new setting takes effect.

[root@server ~]# service vsftpd restart
Shutting down vsftpd:                                      [  OK  ]
Starting vsftpd for vsftpd:                                [  OK  ]
[root@server ~]#

Step 4: Create a directory for FTP.

[root@server ~]# mkdir /var/ftp_home

Step 5: Create an FTP user and set a password for that user.

[root@server ~]# useradd ftpuser
[root@server ~]# passwd ftpuser
Changing password for user ftpuser.
New password:
BAD PASSWORD: it is based on your username
Retype new password:
passwd: all authentication tokens updated successfully.
[root@server ~]#

Note the "BAD PASSWORD" warning in the transcript: root is allowed to override the password-quality check, but an account reachable over the network should get a strong password. Plain FTP also sends the password in the clear, so on anything but an isolated lab network enable FTPS (ssl_enable=YES in vsftpd.conf) or use SFTP instead.

Step 6: Make ftpuser the owner of the directory and set it as the user's home directory. Because of chroot_local_user=YES, the home directory is also the directory the user is confined to after login.

[root@server ~]# chown ftpuser:ftpuser /var/ftp_home

[root@server ~]# usermod -d /var/ftp_home/ ftpuser

Step 7: Change the FTP user's shell to /sbin/nologin if the account is only meant for file transfers. The user will then not be able to log in to the server interactively via SSH or Telnet, but can still authenticate to vsftpd. On RHEL/CentOS, /sbin/nologin is listed in /etc/shells, which matters because vsftpd's PAM configuration uses pam_shells: a shell that is not listed there makes the FTP login fail with "530 Login incorrect." even though the password is right.

[root@server ftp_home]# usermod -s /sbin/nologin ftpuser

Double check it with the following command. The fields are name, password placeholder, UID, GID, GECOS, home directory and shell; the last two should show /var/ftp_home/ and /sbin/nologin.

[root@server ~]# cat /etc/passwd|grep ftpuser
ftpuser:x:506:509::/var/ftp_home/:/sbin/nologin
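The seven steps collected into one idempotent script, as an added example that is not part of the original post. It differs from the steps above in one respect: the chroot root (/var/ftp_home) stays owned by root and the user gets a writable upload subdirectory inside it, which is the layout vsftpd 2.3.5 and later require. The user name and directory default to the post's values; the config path, /sbin/nologin, the systemctl/service fallback, the upload subdirectory name and the `apply` argument that guards the privileged part are assumptions.

```shell
#!/bin/sh
# Added example (not the original post's commands): the seven steps as one
# idempotent script. Assumes RHEL/CentOS-style paths; the variable defaults
# ftpuser and /var/ftp_home come from the post, everything else is assumed.
# Run the privileged part as root with:  sh ftp_user.sh apply
set -eu

FTP_USER="${FTP_USER:-ftpuser}"
FTP_ROOT="${FTP_ROOT:-/var/ftp_home}"        # chroot root: root-owned, not writable by the user
UPLOAD_DIR="$FTP_ROOT/upload"                 # the only directory the user may write to (assumed name)
VSFTPD_CONF="${VSFTPD_CONF:-/etc/vsftpd/vsftpd.conf}"
NOLOGIN="${NOLOGIN:-/sbin/nologin}"

# set_conf FILE KEY VALUE: set KEY=VALUE in a vsftpd.conf. Replaces an existing
# line for KEY, including a commented-out "#KEY=..." one, otherwise appends it.
set_conf() {
  _file=$1; _key=$2; _value=$3
  _tmp=$(mktemp)
  if grep -Eq "^#?[[:space:]]*$_key=" "$_file"; then
    sed -E "s,^#?[[:space:]]*$_key=.*,$_key=$_value," "$_file" > "$_tmp"
  else
    cat "$_file" > "$_tmp"
    printf '%s=%s\n' "$_key" "$_value" >> "$_tmp"
  fi
  cat "$_tmp" > "$_file"      # copy back so the original owner/mode are kept
  rm -f "$_tmp"
}

# get_conf FILE KEY: print the effective value of KEY (vsftpd takes the last
# uncommented occurrence); prints nothing if the key is not set.
get_conf() {
  grep -E "^$2=" "$1" | tail -n 1 | cut -d= -f2- || true
}

# shell_listed SHELLS_FILE SHELL: succeeds if SHELL is listed. vsftpd's PAM
# stack uses pam_shells, so an unlisted nologin shell breaks the FTP login.
shell_listed() {
  grep -Fxq "$2" "$1"
}

apply() {
  [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; exit 1; }

  # Steps 1-2: server settings. local_enable/write_enable let a local user log
  # in and upload; anonymous access is switched off; chroot confines the user.
  set_conf "$VSFTPD_CONF" anonymous_enable NO
  set_conf "$VSFTPD_CONF" local_enable YES
  set_conf "$VSFTPD_CONF" write_enable YES
  set_conf "$VSFTPD_CONF" chroot_local_user YES

  # Steps 4-7: directory layout, user, ownership, home directory and shell.
  mkdir -p "$UPLOAD_DIR"
  id "$FTP_USER" >/dev/null 2>&1 || useradd -M -d "$FTP_ROOT" -s "$NOLOGIN" "$FTP_USER"
  usermod -d "$FTP_ROOT" -s "$NOLOGIN" "$FTP_USER"
  chown root:root "$FTP_ROOT";               chmod 755 "$FTP_ROOT"
  chown "$FTP_USER:$FTP_USER" "$UPLOAD_DIR"; chmod 750 "$UPLOAD_DIR"
  passwd "$FTP_USER"                         # interactive: choose a strong password

  shell_listed /etc/shells "$NOLOGIN" \
    || echo "warning: $NOLOGIN is not in /etc/shells; pam_shells will reject the FTP login" >&2

  # Step 3: restart to pick up the config, then show the result.
  if command -v systemctl >/dev/null 2>&1; then systemctl restart vsftpd; else service vsftpd restart; fi
  getent passwd "$FTP_USER"
  ls -ld "$FTP_ROOT" "$UPLOAD_DIR"
}

if [ "${1:-}" = apply ]; then apply; fi
```

set_conf and get_conf can be tried on a copy of vsftpd.conf without root; only `apply` touches the system. After running it, the test session below should show the upload directory in the listing, and writes should succeed only inside it.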

Testing:

Try to log in from another system with the command below (to log out, use the command bye). The directory listing shows only the contents of /var/ftp_home (here three empty test files owned by root, UID 0); because of the chroot, the user cannot change to any directory above it.

[root@client ftp_dump]# ftp 192.168.216.135
Connected to 192.168.216.135 (192.168.216.135).
220 (vsFTPd 2.2.2)
Name (192.168.216.135:root): ftpuser
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
227 Entering Passive Mode (192,168,216,135,228,49).
150 Here comes the directory listing.
-rw-r--r-- 1 0 0 0 Jan 01 20:47 12
-rw-r--r-- 1 0 0 0 Jan 01 20:47 4
-rw-r--r-- 1 0 0 0 Jan 01 20:47 5
226 Directory send OK.
ftp> bye

Since the user's shell is /sbin/nologin, the same credentials do not give an interactive login: SSH accepts the password, then nologin prints its message and the connection is closed.

[root@client ~]# ssh ftpuser@192.168.216.135
ftpuser@192.168.216.135's password:
This account is currently not available.
Connection to 192.168.216.135 closed.
[root@client ~]#
