ftp

chroot ftp user outside plesk

To chroot ftp user outside of plesk, add the user belonging to psacln group.

usemod -g psacln <username>

Serving ftp with vsftpd

vsftpd can be installed directly via yum and is a straight forward setup:

yum install vsftpd
chkconfig vsftpd on
service vsftpd start

The default vsftpd.conf should be fine to run with. However, it is best practice to disable anonymous access if not being used:

# cat /etc/vsftpd/vsftpd.conf | grep -v "#\|^$"
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=NO
nopriv_user=nobody
ftpd_banner=OK
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
log_ftp_protocol=YES
chroot_local_user=YES

For an incoming dropbox only option, use:

download_enable=NO
dirlist_enable=NO

Track files uploaded via pure-ftpd

Recently, I've had more than one occurrence of files being messed up due to bad uploads from users on a cpanel server running pure-ftpd.

Here is a simple one liner to get a report of uploads:

/bin/grep pure-ftpd /var/log/messages| grep upload | grep -v <trusted ip address>

"trusted ip address" would possibly be your own.

I put the above on a daily cron and keep an eye out for user uploads.

Syndicate content
Comment