Sorry, I didn't know where to post this, but here's my question: How do I create FTP Users on Linux?
How do I go about doing that? Support for my host said:
You will need to connect to this server via SSH or Telnet then SU to root. Once you have done that, you will create users, etc via the standard methods used in RedHat Linux 7.2. For further assistance you will need to either referenced a book on RedHat 7.2 or check RedHat's website.
Some help they were :rolleyes:
Yes, we do have a dedicated server.
I want to create FTP users with limitations:
1. They can only upload to a certain directory, which I specify. They can however, create directories within that directory.
2. They cannot upload files of specified types. I don't want them uploading .cgi, .php, .htaccess, etc.
Can someone point me in the right direction? Thanks.
um, can i ask a question? Why did someone move this thread into unix/linux servers under WEBHOSTING? This is NOT a webhosting question. I didn't post the thread in here because everything in here seems to be about webhosting and stuff. And this is NOT about webhosting.
I just want to know how to do something.
Perhaps you should have a FTP/Telnet/SSH forum, because that is where my thread belongs IMHO.
Sorry, just had to say so.
Yeah, it's never easy to work out the most precise and still all encompasing taxonomy of web related topics that will cover every situation. But this forum is for discussing of unix/linux web server issues. And you have a redhat linux server right? And it is a remotely hosted web server right? ... So this forum is for discussing these type of linux web server admin and related issues. This is a new forum category, and the web hosting categories were split up only recently. Thus, I think it will take some time for members to find the new forums and grok the new categories. However, while they do overlap, sysadmin and programming are two seperate areas and these issues are best dealt with here rather than in the programming forums which is where they often have been discussed in the past.
As for having a telnet/ssh/ftp forum, sure and we could have a forum for MTAs (mail transport agents); one for Bind DNS name server (named); one for Zeus web server; and so on...
Anyway, OK, well generally your system users can ftp to the server, specifically their home directory. However, you may configure ftp servers such as proftp to use "virtual" users rather than system users - but as your host is implying that you should create system users, we will stick with this method. The command line program you need to use is useradd which funny enough on linux can also be accessed as adduser - nice to know that the dyslexic are catered for.
useradd - Create a new user or update default new user information
useradd [-c comment] [-d home_dir]
[-e expire_date] [-f inactive_time]
[-g initial_group] [-G group[,...]]
[-m [-k skeleton_dir] | -M] [-p passwd]
[-s shell] [-u uid [ -o]] [-n] [-r] login
useradd -D [-g default_group] [-b default_home]
[-f default_inactive] [-e default_expire_date]
Creating New Users
When invoked without the -D option, the useradd command creates a new user
account using the values specified on the command line and the default values
from the system. The new user account will be entered into the system files as
needed, the home directory will be created, and initial files copied, depending
on the command line options. The version provided with Red Hat Linux will cre
ate a group for each user added to the system, unless -n option is given. The
options which apply to the useradd command are
The new user's password file comment field.
The new user will be created using home_dir as the value for the user's
login directory. The default is to append the login name to
default_home and use that as the login directory name.
The date on which the user account will be disabled. The date is speci
fied in the format YYYY-MM-DD.
The number of days after a password expires until the account is perma
nently disabled. A value of 0 disables the account as soon as the pass
word has expired, and a value of -1 disables the feature. The default
value is -1.
The group name or number of the user's initial login group. The group
name must exist. A group number must refer to an already existing
group. The default group number is 1.
A list of supplementary groups which the user is also a member of. Each
group is separated from the next by a comma, with no intervening whites
pace. The groups are subject to the same restrictions as the group
given with the -g option. The default is for the user to belong only to
the initial group.
-m The user's home directory will be created if it does not exist. The
files contained in skeleton_dir will be copied to the home directory if
the -k option is used, otherwise the files contained in /etc/skel will
be used instead. Any directories contained in skeleton_dir or /etc/skel
will be created in the user's home directory as well. The -k option is
only valid in conjunction with the -m option. The default is to not
create the directory and to not copy any files.
-M The user home directory will not be created, even if the system wide
settings from /etc/login.defs is to create home dirs.
-n A group having the same name as the user being added to the system will
be created by default. This option will turn off this Red Hat Linux spe
-r This flag is used to create a system account. That is, an user with an
UID lower than value of UID_MIN defined in /etc/login.defs. Note that
useradd will not create a home directory for such an user, regardless of
the default setting in /etc/login.defs. You have to specify -m option
if you want a home directory for a system account to be created. This
is an option added by Red Hat.
The encrypted password, as returned by crypt(3) or an MD5 password gen
erator. The default is to disable the account.
The name of the user's login shell. The default is to leave this field
blank, which causes the system to select the default login shell.
-u uid The numerical value of the user's ID. This value must be unique, unless
the -o option is used. The value must be non-negative. The default is
to use the smallest ID value greater than 99 and greater than every
other user. Values between 0 and 99 are typically reserved for system
Changing the default values
When invoked with the -D option, useradd will either display the current
default values, or update the default values from the command line. The valid
The initial path prefix for a new user's home directory. The user's
name will be affixed to the end of default_home to create the new direc
tory name if the -d option is not used when creating a new account.
The date on which the user account is disabled.
The number of days after a password has expired before the account will
The group name or ID for a new user's initial group. The named group
must exist, and a numerical group ID must have an existing entry .
The name of the new user's login shell. The named program will be used
for all future new user accounts.
If no options are specified, useradd displays the current default values.
The system administrator is responsible for placing the default user files in
the /etc/skel directory.
This version of useradd was modified by Red Hat to suit Red Hat user/group con
You may not add a user to an NIS group. This must be performed on the NIS
/etc/passwd - user account information
/etc/shadow - secure user account information
/etc/group - group information
/etc/default/useradd - default information
/etc/login.defs - system-wide settings
/etc/skel - directory containing default files
chfn(1), chsh(1), crypt(3), groupadd(8), groupdel(8), groupmod(8), passwd(1),
Julianne Frances Haugh (XXXX@austin.ibm.com)
You can view the manual page for any system program yourself by typing man program-name at the command prompt. Eg, man useradd
Now, in terms of configuring your ftp server, you had better tell us exactly which one you are using. For example, lets say you are using proftpd. In this case, to root jail your users into their home directory you place the following directive in your proftpd.conf file:
As for limiting the file types allowed, this is most do-able, but I don't know the directives for proftp off the top of my head. In any case consult the documentation, or post back with details of which ftp server you are using and someone may have more specific advice.
Allowing users to mkdir within their home directory should be default behaviour on most ftp servers. You may want to check whether you want to allow your users to chmod their files. In proftpd you can specify this in the default directory directives:
# Normally, we want files to be overwriteable.
Just one more thing - it's always a good idea for security to not allow the root user to log into ftp. In proftpd you use the directive:
Getting back to adding system users. If you do not have any control panel installed on the server, I recommend installing webmin www.webmin.com It is a nice open source linux admin control panel and can help you get up to speed with linux admin as it provides a web form interface for things such as managing your system users, configuring your servers such as ftpd, etc.
Originally posted by freakysid
Anyway, OK, well generally your system users can ftp to the server, specifically their home directory. However, you may configure ftp servers such as proftp to use "virtual" users rather than system users - but as your host is implying that you should create system users, we will stick with this method.
Could you tell me more about using proftp and "virtual" users to set up ftp on my server? I have proftp installed, but I don't know much about administrating a linux web server.
Thank you VERY much freakysid! That was very helpful. FTP is a NcFTPd server. =/
I am going to try it out tomorrow as soon as I get home. Thanks!
I don't know how to "SU to root" and I haven't been able to find something that shows me how =/
I'm so dumb, sorry. I applied for a Linux class for the summer because I know absolutely nothing about linux. Sorry! :bawling:
psychedelic, you can do the following to su (switch user) to root on a linux box if you have the root password. Login with your regular username/password and from a virtual console under KDE/Gnome/Other Window Manager session or from *tty? using <CTRL> + <ALT> + *<F?>. Now type "su" and hit <Enter>. You wil now be prompted for a password and it should look similar to what I have here:
Type in the root users password, while typing the password the characters may not show up at all, that is ok. After typing in password just hit <Enter> again. If you have the password correct you should now see your prompt change from a "$" ro a "#". You can also verify you are su'ed to root by isuing the command whoami and hitting enter. The response should simply be "root" and NOT your regular username. When you are done working as rot remeber to type "exit" and <Enter> to "su" back to your user. Also you can hit <CTRL> + <ALT> + <F7> to get back to your Desktop when done if needed.
*? can be a number from 1 to 6 for the respective tty terminal ie... <F1> for tty1 or <F6> for tty6
This topic is now closed. New replies are no longer allowed.