Install and create an FTP user without using the control panel.

Loading ProFTPD:

Systems Debian/Ubuntu:

apt-get install proftpd


yum install epel-release
yum install proftpd

If the server does not start automatically, use the command to start manually:

service proftpd start

Limit FTP users to outside the home directory.

This article involves running the ProFTPD configuration "by default", in which case the user can go beyond his home directory and, although he has the rights to work with other folders, Probably not, but if the server’s configuration isn’t strong enough, it could be a security risk. You can solve this problem by adding one line to proftpd.conf file:

DefaultRoot ~

You can add it to the end of the file. After saving, restart the FTP server:

service proftpd restart

Location proftpd.conf:

The proftpd.conf configuration file can be located in different places depending on your OS version:

Ubuntu: /etc/proftpd.conf

Debian: /etc/proftpd/proftpd.conf

CentOS: /etc/proftpd.conf

Create a new FTP user:

Simple FTP users do not need to have access to the shell. Before you start creating new users, run the following command:

echo '/bin/false' >> /etc/shells

Create a new user:

useradd username -d /home/username - m -s /bin/false
passwd user_name

Using the commands above, we created a user (user’s name to be replaced with an unoccupied name) and the corresponding group, assigned and created (the -m key can be omitted if the directory already exists) the home directory /home/mailbox name, and also chose /bin/false as the user’s command shell, thus disabling it for security reasons. With the passwd command we created the user the necessary password.

In most cases, you can already connect to the FTP server on port 21 by default.

Additional Information:

Access to Shell (shell)

If you still want to give the user access to the shell, you must specify the path to any working, instead of /bin/false, for example:




Users of the conventional FTP protocol do not need to access the shell, so it is safer not to provide it.

Restriction of FTP user rights:

If necessary, you can close the write permissions for the user, for example to the home directory, and leave them only for some internal folder, for example upload.

On behalf of the superuser, change rights:

chmod 555 /home/folder_name
mkdir /home/folder_name/upload
chown username:username /home/foldername/upload

In this case, the second username is the group name, which by default is the same as the username you created.

Thus, in a short time and a small number of steps, you can create a secure basic FTP user and start working with FTP on the server.

Last updated