Working with Linux howtos

• Working with RPM
• Package Management Made Easy With Apt
• Moving files around: Setting up FTP
• SCP: an FTP alternative
• SFTP: Easy jailed accounts
• Backup FTP server: offsite backups that you control
• Automated incremental backups: Script to automate backups using SSHFS and rdiff-backup
• Backups with rSync
• Automated backups with RSync
• Load balancing and failover
• Accurate time with NTP
• Setting a UTC timezone
• Changing a hostname
• Application environment setup (using bash profiles)
• Using find and xargs
• Setting up disk quotas
• Working with Bash aliases

Moving Files Around: Setting up FTP

FTP (File Transfer Protocol) is a common way of moving files between computers.  By default your RimuHosting server will not have FTP enabled.

Do you really need to run FTP? For example, if you are going to be the only person moving files to and from your server, then you may not need it.  Try our scp/sftp howto instead.

To install vsftp on your system run: [root@vps ~]# apt-get install vsftpd

To enable FTP, first edit the vsftpd.conf file (e.g. vi /etc/vsftpd/vsftpd.conf).  Then:

• Consider changing anonymous_enable=YES to anonymous_enable=NO
• Uncomment the "nopriv_user=ftpsecure" line
• Uncomment the "write_enable=YES" line (else you'll get an error like '550 Permission denied.' from your FTP client when you upload a file or create a directory)
• Uncomment the "local_enable=YES" line (else you'll get an error like '500 OOPS: vsftpd: both local and anonymous access disabled!')
• Add a "chroot_local_user=YES" line. This will trap your FTP users in their own /home/username directory. Otherwise they will be able to see and update some files outside their home directory.
• Consider setting "userlist_enable=YES". This will let only the usernames listed in /etc/vsftpd.user_list use the FTP service. (You will also need to add those usernames to that file).

Then create a non-super user that vsftp will run as. In Debian Squeeze a "ftp" user is created for this purpose when you install the vsftpd package.   Note: this is not the FTP username you'll use when logging into your FTP server.

VSFTPD=/etc/vsftpd.conf
[ -e /etc/vsftpd/vsftpd.conf ] && VSFTPD=/etc/vsftpd/vsftpd.conf
# create an unpriviledged user that will run the vsftpd service
if [ -e /etc/redhat-release ]; then
adduser -s /sbin/nologin ftpsecure
fi
sed --in-place 's/^anonymous_enable=YES/anonymous_enable=NO/ig' $VSFTPD
sed --in-place 's/^anon_upload_enable=YES/anon_upload_enable=NO/ig' $VSFTPD

Then, most redhat distributions you can then run:

chkconfig --level 35 vsftpd on && /etc/init.d/vsftpd start

The ftp daemon will not let you log in as root (?why?).  Try a log in as a non-super user.  To create such a user:

# add the user, use the -s (shell) option if you do not want the 
# user to be able to ssh into the server (else skip it)
adduser -s /sbin/nologin yourusername
passwd yourusername
# you will be prompted for a password
# now, log in to your ftp server using this username and password

Locking FTP Users Into Their Home Directories

By default FTP users can read and write files any files on the server, provided they have access to read/write those files.

You can also set things up so that FTP users only see files under their home directory.  This can often be a more secure setup.  To do this just add chroot_local_user=YES in vsftpd.conf (and restart vsftpd). e.g.

VSFTPD=/etc/vsftpd.conf
[ -e /etc/vsftpd/vsftpd.conf ] && VSFTPD=/etc/vsftpd/vsftpd.conf
sed --in-place 's/^anonymous_enable=YES/anonymous_enable=NO/ig' $VSFTPD
sed --in-place 's/^anon_upload_enable=YES/anon_upload_enable=NO/ig' $VSFTPD
if ! test -e $VSFTPD; then 
    echo $VSFTPD not found
elif grep -qai chroot_local_user=YES $VSFTPD; then 
    echo "chroot_local_user directive already existed"
else 
    echo "Adding the chroot_local_user directive"
    echo "chroot_local_user=YES" >> $VSFTPD
fi
/etc/init.d/vsftpd restart

When a user logs in, if there directory was /home/user/html, they would see /html. They're locked into /home/user, and /home/user becomes their root (/) directory.