sourcecode

Sunday, July 1, 2012

Setup sftp server and account on ubuntu

http://askubuntu.com/questions/143700/granting-a-sftp-user-access-to-a-var-www-directory

1. Installing vsftpd is easy:
  • https://help.ubuntu.com/10.04/serverguide/ftp-server.html
  • http://manpages.ubuntu.com/manpages//lucid/man5/vsftpd.conf.5.html
sudo apt-get install vsftpd

 2. Configure /etc/vsftpd.conf
  • disable anonymous users by changing line 23:
anonymous_enable=NO
  • uncomment line 26 to allow local users to log in
 local_enable=YES
  • uncomment line 29 to enable write:
 write_enable=YES
  • change the greetings (login banner string, line 101)
ftpd_banner=Welcome to rabbit FTP service.

  • to jail-root (chroot) user home, uncomment line 112:
chroot_local_user=YES
  • restart vsftpd service:
$ sudo /etc/init.d/vsftpd restart
or
$ sudo service vsftpd restart

 3. Create and configure user www and jail under folder /var/www:
  • http://askubuntu.com/questions/19898/whats-the-simplest-way-to-edit-and-add-files-to-var-www
  • http://www.binaryroyale.com/index.php/2011/04/creating-sftp-accounts-in-ubuntu-e-g-for-uploading-website-files/
$ sudo adduser www --no-create-home --shell /bin/false
and set the password accordingly.
  • change the user's login directory to /var/www (-c is for the comment field):
http://www.yolinux.com/TUTORIALS/LinuxTutorialWebSiteConfig.html
http://www.putorius.net/2011/04/how-to-chroot-users-in-sftp-server.html
$ sudo usermod -c "web builder" -d /var/www www
  • change the owner:group of the files under /var/www/ (but not the folder /var/www itself, which is owned by root):
$ sudo chown www:www -R /var/www/*

4. Chroot the user: configure /etc/ssh/sshd_config
http://manpages.ubuntu.com/manpages/hardy/man5/sshd_config.5.html
  • comment out line 76:
 #Subsystem sftp /usr/lib/openssh/sftp-server
  • and add these lines at the end:
 Subsystem sftp internal-sftp
 Match user www
 ChrootDirectory %h
 ForceCommand internal-sftp
 AllowTcpForwarding no
  • restart ssh service
sudo /etc/init.d/ssh restart
NOTE: the root folder (/var/www) of user www has to be owned by root and has to have 755 (or 744) permissions.

http://ubuntuforums.org/showthread.php?t=1482005
http://www.techrepublic.com/blog/opensource/chroot-users-with-openssh-an-easier-way-to-confine-users-to-their-home-directories/229
http://askubuntu.com/questions/49271/how-to-setup-a-sftp-server-with-users-chrooted-in-their-homedirectories
See the last bit of http://wiki.archlinux.org/index.php/SFTP-chroot. You get a broken pipe error after logging in if the home folder is not owned by root (in fact the chain of folders leading down to it must be owned by root) or if it has write permissions for 'group' or 'other'.
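
The ownership rule described above can be checked before restarting ssh. This is an added example, not part of the original post: it assumes GNU coreutils stat, and the function names component_ok and check_chroot_path are made up here.

```shell
#!/bin/sh
# Added example: audit every folder from a ChrootDirectory up to / for the
# rule in the NOTE above (owned by root, not writable by group or other).
# Assumes GNU coreutils stat (-c); the function names are hypothetical.

# component_ok UID MODE -> 0 if uid is root and mode has no g+w / o+w bits
component_ok() {
    uid=$1
    mode=$2
    [ "$uid" -eq 0 ] || return 1
    # a leading 0 makes the shell read the mode as octal; 022 = g+w | o+w
    [ $(( 0$mode & 022 )) -eq 0 ] || return 1
    return 0
}

# check_chroot_path DIR -> prints each failing component
# returns 0 = chain is fine, 1 = at least one bad component, 2 = bad argument
check_chroot_path() {
    target=$1
    case $target in
        /*) ;;
        *) echo "need an absolute path: $target" >&2; return 2 ;;
    esac
    [ -d "$target" ] || { echo "not a directory: $target" >&2; return 2; }
    rc=0
    path=$target
    while :; do
        # -L follows symlinks; output is "<owner uid> <octal mode>"
        set -- $(stat -L -c '%u %a' "$path")
        if ! component_ok "$1" "$2"; then
            echo "FAIL $path (uid=$1 mode=$2)"
            rc=1
        fi
        [ "$path" = "/" ] && break
        path=$(dirname "$path")
    done
    return $rc
}

# Stand-alone use: sh check_chroot.sh /var/www
if [ $# -gt 0 ]; then
    check_chroot_path "$1"
fi
```

Each FAIL line names a folder that would need chown root or chmod go-w before the chrooted login can work.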

5. To configure apache2 for a new site, edit or copy /etc/apache2/sites-available/default
  • https://help.ubuntu.com/10.04/serverguide/httpd.html
NOTE: The main configuration file is /etc/apache2/apache2.conf
and under the same folder, the httpd.conf is empty.
The /etc/apache2/sites-available directory is not parsed by Apache2. Symbolic links in /etc/apache2/sites-enabled point to "available" sites.
Enable the new VirtualHost using the a2ensite utility and restart Apache2:
sudo a2ensite rabbit2
sudo /etc/init.d/apache2 restart
 
6. Use SFTP with Dreamweaver:
Connect using: SFTP
SFTP Address: 192.168.0.111 Port 22
Root Directory: /public_html/
Web folders should be 755 (r+x) and HTML files should be 644 (r).
If a typo was made, it is better to create a new site (name) and delete the old site (name). There is some cache mechanism that prevents a site from being modified easily.

 /****************END**************/

