I have a VPS using Debian 6.0. Currently, SSH is set to not accept password logins, and only key-based ones.
A person who needs to work on one particular website (a vhost) wishes to use FTP. He doesn't need/want SSH. How can I set up FTP access for him, enabling him to have write permissions for all files in the relevant directory, and only the relevant directory? The directory is /srv/www/domainname.com/public_html
Currently, all directories and files in that directory belong to www-data:www-data and are 644/755.
I've installed vsftpd and have been reading some guides, but they all seem to deal with allowing multiple users to have their own user-named directories which isn't what I'm after. I can't seem to work out how to simply define one FTP user with a password that has access to one directory of my choosing.
This is my first experience of setting up an FTP server.
Thanks.
Edit: have also found this – maybe I should be using ProFTPd, or can vsftpd also do what I want?
Best Answer
If you want to go with the SFTP only solution, I have created a blog post recently that describes exactly this including a few of the common errors: http://blog.frands.net/sftp-only-chroot-users-with-openssh-in-debian-166/
If you want to go with the FTP solution, vsftpd is indeed a fine choice. However, when a user uploads a file it will be set with his user and group following the defined umask. You could set the user's primary group to www-data and then create a umask that fits in vsftpd.
This is a quick how-to for what I suggested:
Create the user with the www-data group, no real shell and the correct home dir, set the password afterwards
Make sure that vsftpd accepts his shell. cat /etc/shells and look for /bin/false (it should not be there by default) - if it is not there, add it:
Next, edit the vsftpd config file. Touch these parameters: (if they are commented out, remove the #)
Disable anonymous access to the server
Allow local users to use FTP
Allow file uploads
Set the umask, so the files the user uploads are also writable by group (www-data)
Chroot the user so he cannot move out of his home dir
Now, restart vsftpd
and you should be all set.
BUT!
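The five vsftpd.conf changes listed in the answer above, as an added example that is not the answer author's own commands (those are missing from the page). The directive names are real vsftpd.conf(5) options; the umask value 002, the function names and the sample config are assumptions made here.

```shell
#!/bin/sh
# Added example. Directive names are from vsftpd.conf(5); local_umask=002 is an
# assumed value, and the function names and sample config are constructed.

# set_opt FILE KEY VALUE: uncomment or rewrite KEY=..., or append it if absent.
set_opt() {
    file=$1 key=$2 value=$3
    if grep -Eq "^#?${key}=" "$file"; then
        sed "s|^#\{0,1\}${key}=.*|${key}=${value}|" "$file" > "$file.tmp" &&
            mv "$file.tmp" "$file"
    else
        printf '%s=%s\n' "$key" "$value" >> "$file"
    fi
}

apply_ftp_settings() {
    set_opt "$1" anonymous_enable NO     # disable anonymous access
    set_opt "$1" local_enable YES        # allow local users to use FTP
    set_opt "$1" write_enable YES        # allow file uploads
    set_opt "$1" local_umask 002         # uploads stay group-writable
    set_opt "$1" chroot_local_user YES   # keep the user inside his home dir
}

# audit_ftp_settings FILE: print each mismatch; exit status = mismatch count.
audit_ftp_settings() {
    conf=$1 bad=0
    for want in anonymous_enable=NO local_enable=YES write_enable=YES \
                local_umask=002 chroot_local_user=YES; do
        got=$(grep "^${want%%=*}=" "$conf" | tail -n 1)  # last active line
        if [ "$got" != "$want" ]; then
            echo "MISMATCH: want $want, found ${got:-nothing active}"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample config: one wrong value, three commented, one missing.
sample_conf() {
    printf '%s\n' 'anonymous_enable=YES' '#local_enable=YES' \
        '#write_enable=YES' '#local_umask=022'
}

demo=$(mktemp) && sample_conf > "$demo"
audit_ftp_settings "$demo" || echo "$? settings to change"
apply_ftp_settings "$demo" && audit_ftp_settings "$demo" && echo "all five set"
rm -f "$demo"
```

Run it against a copy of the real config first; on Debian the file is /etc/vsftpd.conf.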