FTP on a VPS
You have a DigitalOcean droplet or a VPS from another service and you need to create a FTP account/s?
It’s actually easier than you think.
In my case, I needed to give someone FTP access to a DO droplet where we had many Wordpress installs running.
So having a FTP account to give access to only a specific folder is really important, so after some digging, here’s a solution that worked off the bat;
(I will assume you are a system admin/have root access to the VPS)
Installing vsftpd
Login through your favorite console and install vsftpd:
sudo apt-get install vsftpd
After the install is finished, we need to edit some options in the configuration
sudo nano /etc/vsftpd.conf
Next up, find these lines and modify them accordingly, and make sure they are uncommented (remove the hashtag before the line in case it’s there)
anonymous_enable=NO
local_umask=022
chroot_local_user=YES
write_enable=YES
local_enable=YES
To overview what we just did:
We do not want anonymous login on our server (most cases) anonymous_enable=NO
The local_umask=022 is slightly more complicated to explain and goes out of the scope of this article, but you can read more here. It’s the permissions level
With chroot_local_user we link (or jail) the user into a specific folder after login.
write_enable and local_enable are important for actually being able to write and access files. They should be set to YES
The full documentation for all the commmands can be found here.
The final edit in the config is to add this at the end of the file:
force_dot_files=YES
With this you can see files that start with a dot, like the .htaccess
Create a user
You should (must) have a dedicated user for that specific FTP account, so let’s do that quick:
sudo adduser <username>
You’ll be prompted with adding a password and some extra information. I suggest always creating a complex password. I personally use Dashlane’s Chrome plugin to generate a complex password. The other fields can be left empty.
Finishing up
There are 3 more steps left:
Tell which folder gets assigned to which user.
sudo usermod -m -d /var/www/example.com <username>
Of course, your folder will be different than example.com and your username will be the one you previously created.
Make sure the permissions are set:
sudo chmod a-w /var/www/example.com
And give the vsftpd a restart
sudo service vsftpd restart
That’s it! Now you should do a quick test and fire up FileZilla and do a test.
On login you should have access only to the specified folder, as in our example.com.
Let me know if it helped or something didn’t work!