First of all thanks for bringing EasyEngine to us!
Followed and used the project for quite some time now, and love the way it’s going and the direction the development has taken.
The only thing I hate is that EasyEngine does not give us a way to give a user FTP access; we only got the www-data SFTP login. I got a couple of customers that need FTP access, and I don't want to hand out the www-data user, since they can do too much harm.
So I started my journey: how could I make a solution that worked with EasyEngine, and that allowed me to create FTP accounts for specific websites, without giving them access to all other websites on the server?
After some searching on Virtual Users FTP, I tried out a couple of tutorials and it worked! BUT! They used text files and raw passwords, not very safe to be honest, so when I got a new server I played around with VSFTPD/MySQL and PAM to create a more secure container for the password, and to be honest it's just a better way than creating text files to get the same result.
The guides found for VSFTPD/MySQL/PAM and Virtual Users did not work out that well, because they forgot to mention that Ubuntu has many problems with VSFTPD through apt-get. After a lot of searching I finally found a good forum thread on UbuntuForums.
First we need to get a working version of VSFTPD! This link contains info for Ubuntu 12.04 and above, and is different for every version of Ubuntu: http://ehcpforce.tk/faq/index.php?sid=2579&lang=en&action=artikel&cat=1&id=3&artlang=en
After you have installed VSFTPD, follow this guide.
apt-get install libpam-mysql libpam-ldap
LDAP server Uniform Resource Identifier: <-- ENTER
Distinguished name of the search base: <-- ENTER
LDAP version to use: <-- 3
Make local root Database admin: <-- Yes
Does the LDAP database require login? <-- No
LDAP account for root: <-- ENTER
LDAP root account password: <-- ldaprootpw (change to your password)
If you get more questions, select the option that it suggests
==> Create The MySQL Database For vsftpd
mysql -u root -p
==> Create the database and user, remember to set your own password instead of ftpdpass
CREATE DATABASE vsftpd;
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON vsftpd.* TO 'vsftpd'@'localhost' IDENTIFIED BY 'ftpdpass';
GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP ON vsftpd.* TO 'vsftpd'@'localhost.localdomain' IDENTIFIED BY 'ftpdpass';
FLUSH PRIVILEGES;
USE vsftpd;
==> Create the Tables in vsftpd Database
USE vsftpd;
CREATE TABLE `accounts` (
`id` INT NOT NULL AUTO_INCREMENT PRIMARY KEY ,
`username` VARCHAR( 30 ) NOT NULL ,
`pass` VARCHAR( 50 ) NOT NULL ,
UNIQUE (
`username`
)
) ENGINE = MYISAM ;
quit;
==> Only use this line if you have issues with the setup. I only tested with this line, since I had some issues that I later found out were caused by Ubuntu's version of VSFTPD
useradd --home /home/vsftpd --gid nogroup -m --shell /bin/false vsftpd
==> Config file stuff
cp /etc/vsftpd.conf /etc/vsftpd.conf_orig
cat /dev/null > /etc/vsftpd.conf
nano /etc/vsftpd.conf
==> Insert following to the config file
listen=YES
anonymous_enable=NO
local_enable=YES
virtual_use_local_privs=YES
write_enable=YES
local_umask=022
connect_from_port_20=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
guest_enable=YES
ftp_username=www-data
chown_username=www-data
guest_username=www-data
user_sub_token=$USER
local_root=/var/www/$USER
chroot_local_user=YES
hide_ids=YES
check_shell=NO
user_config_dir=/var/www/users
allow_writeable_chroot=YES
==> Create user_config_dir
mkdir /var/www/users
==> Lets create the PAM config files for vsftpd
cp /etc/pam.d/vsftpd /etc/pam.d/vsftpd_orig
cat /dev/null > /etc/pam.d/vsftpd
nano /etc/pam.d/vsftpd
==> Insert the following, remember to change ftpdpass to the password you set for the MySQL vsftpd user earlier
auth required pam_mysql.so user=vsftpd passwd=ftpdpass host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=2
account required pam_mysql.so user=vsftpd passwd=ftpdpass host=localhost db=vsftpd table=accounts usercolumn=username passwdcolumn=pass crypt=2
==> Restart VSFTPD
/etc/init.d/vsftpd restart
==> Create the first virtual user, remember the username needs to match a folder in /var/www, e.g. domain.com
mysql -u root -p
USE vsftpd;
==> Remember to change testuser (to the folder name, e.g. domain.com) and secret (the password) to what you want
INSERT INTO accounts (username, pass) VALUES('testuser', PASSWORD('secret'));
quit;
You should now be good to go, and have a working ftp user that can only access /var/www/domain.com
If you want a user to have a different root, or want to create a “master” account, you can do this by creating a file in /var/www/users
Example: the file you create inside /var/www/users needs to match the username. Let's say I created a username called masteruser in the MySQL table
nano /var/www/users/masteruser
==>> Insert the following, changing the directory to /var/www or something inside /var/www
Example 1
local_root=/var/www
Example 2
local_root=/var/www/domain.com
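
An added example, not part of the original post or of EasyEngine: a shell helper for the "create a virtual user" step that checks the username before inserting it, because with user_sub_token=$USER the name becomes a path under /var/www and a file name under /var/www/users. The function names, the WEBROOT and MYSQL_CMD variables and the allowed-character rule are assumptions made for this example; the backslash escaping assumes MySQL's default sql_mode.

```shell
#!/bin/sh
# Added example: provision one virtual FTP user for the vsftpd/PAM/MySQL setup.
# WEBROOT and MYSQL_CMD are assumed names, overridable from the environment.
WEBROOT="${WEBROOT:-/var/www}"
MYSQL_CMD="${MYSQL_CMD:-mysql -u root -p vsftpd}"

# The username becomes a path component (local_root=/var/www/$USER) and a
# file name under user_config_dir, so accept a single safe component only.
valid_ftp_user() {
    [ "${#1}" -ge 1 ] && [ "${#1}" -le 30 ] || return 1  # username is VARCHAR(30)
    case "$1" in
        users) return 1 ;;               # reserved: user_config_dir lives here
        .*|-*|*..*) return 1 ;;          # no dotfiles, option-like names or ".."
        *[!A-Za-z0-9._-]*) return 1 ;;   # letters, digits, dot, underscore, dash
    esac
    return 0
}

# Escape a value for a single-quoted MySQL string literal
# (assumes the default sql_mode, where backslash is an escape character).
sql_quote() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g"
}

# Print the INSERT used in the guide; PASSWORD() matches crypt=2 in the PAM file.
account_sql() {
    printf "INSERT INTO accounts (username, pass) VALUES('%s', PASSWORD('%s'));\n" \
        "$(sql_quote "$1")" "$(sql_quote "$2")"
}

# add_ftp_user NAME PASSWORD: refuse names without a matching site folder.
add_ftp_user() {
    valid_ftp_user "$1" || { echo "invalid username: $1" >&2; return 2; }
    [ -d "$WEBROOT/$1" ] || { echo "no such site folder: $WEBROOT/$1" >&2; return 3; }
    account_sql "$1" "$2" | $MYSQL_CMD
}
```

Source the file and call add_ftp_user with the site folder name and the password; the mysql client then prompts for the root password as in the manual steps.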