Activities

July 2013
M T W T F S S
« Jun   Aug »
1234567
891011121314
15161718192021
22232425262728
293031  

How do I create read only and full access FTP users on Plesk

Today I had a requirement to provide a ftp space for sharing csv feed to other third party to pull the data from one of our server. At the same time our custom program can able to upload the data to the same area on a daily basis. Client has a dedicated Plesk server and I did not find any option to create read only ftp users in plesk. Also we can not create a multiple ftp users to share a common ftp space unlike CPanel does.

We need to create a sub domain for each new ftp users in Plesk. Plesk would have a long way to meet the Cpanel features as of time.

Creating FTP user

1. I have to create a new sub domain to add a new FTP user. Also I do not want this ftp user have web access. So that I’ve disabled script execution option while creating new sub domain.

2. Next thing is ssh to the server and switched to the location where sub domain folder created (/var/www/vhosts/serveridol.com/subdomains). You will see a folder which created on the sub domain name there and few plesk folders are created there.

[root@ test]# ls -ls
total 4
0 drwxr-x--- 3 omegalc psaserv   17 Apr 26 00:53 cgi-bin
0 drwxr-x--- 2 root    psaserv    6 Apr 26 00:53 conf
4 drwxr-x--- 2 root    psaserv 4096 Apr 26 00:53 error_docs
0 drwxr-x--- 6 omegalc psaserv   85 Apr 26 00:53 httpdocs
0 drwxr-x--- 5 omegalc psaserv   72 Apr 26 00:53 httpsdocs
[root@titaniumserver test]#

3. Now I’ve deleted everything under the sub domain folder (/var/www/vhosts/serveridol.com/subdomains/feed). Also pls note the subdomain folder permission which is owned by root.

[root@subdomains]# ls -ls
total 0
0 drwxr-xr-x 7 root root 79 Apr 26 00:53 feed
[root@ subdomains]

4. Creating read only ftp user

In this step, We are going to create new ftp user with the same properties ( GID,home and shell) of subdomain user “feedowner”

a. First we need to identify the group name,home fodler path and shell used for the ftp user created from Plesk.

[root@ subdomains]# grep "feedowner"   /etc/passwd
feedowner:x:10010:10001::/var/www/vhosts/serveridol.com/subdomains/feed:/bin/false
[root@ subdomains]#

b. Creating new readonly user

 #useradd -u 10011 -o -d /var/www/vhosts/serveridol.com/subdomains/feed -g psacln -s /bin/false ftpread

Now you can see the similar entries at the bottom of “/etc/passwd” file as shown below,

feedowner:x:10010:10001::/var/www/vhosts/serveridol.com/subdomains/feed:/bin/false
ftpread:x:10011:10001::/var/www/vhosts/serveridol.com/subdomains/feed:/bin/false

Note : I’ve changed uid to very next number (10011) keep the all other settings as REAL ftp user.

c. Change the sub domain folder permission
Now I need to change the subdomain folder permission from root to REAL ftp user and group owner will be same as root.

 [root@ subdomains]#cd /var/www/vhosts/serveridol.com/subdomains/
[root@ subdomains]#chown -R feedowner feed
[root@titaniumserver subdomains]# ls -la
total 4
drwxr-xr-x  3 root      psaserv   17 Jul 30 04:58 .
drwxr-xr-x 14 root      root    4096 Jul 12 01:45 ..
drwxr-xr-x  2 feedowner root      59 Jul 30 06:05 feed
[root@ subdomains]#

That’s it !

How do I test

We may use either any ftp GUI client tool like Filezilla or ftp command line for the testing.

-bash-3.2# ftp feed.serveridol.com
Connected to feed.serveridol.com.
220 ProFTPD 1.3.1 Server (ProFTPD) [74.20.145.3]
500 AUTH not understood
500 AUTH not understood
KERBEROS_V4 rejected as an authentication type
Name (feed.serveridol.com:root): feedowner
331 Password required for feedowner
Password:
230 User feedowner logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> mkdir test;
257 "/test;" - Directory successfully created
ftp> bye
221 Goodbye.
-bash-3.2# ftp feed.serveridol.com
Connected to feed.serveridol.com.
220 ProFTPD 1.3.1 Server (ProFTPD) [74.20.145.3]
500 AUTH not understood
500 AUTH not understood
KERBEROS_V4 rejected as an authentication type
Name (feed.serveridol.com:root): ftpread
331 Password required for ftpread
Password:
230 User ftpread logged in
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> mkdir sample
550 sample: Permission denied
ftp>

Leave a Reply

You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>