FTP with limted access
From SuperbHosting Support Wiki
Contents |
Setting up an FTP account with limited access to subfolders
Assuming you already have an existing domain example.com with the primary FTP user jack with password schmidt with home directory /home/httpd/vhosts/example.com, and you wish to create additional FTP users jill and bob with the same access privileges as jack:
The first step is to login to server via SSH as root.
Now, issue the shell command:
cat /etc/passwd |grep 'jack'
This will show you a line similar to the following:
jack:x:10041:10001::/home/httpd/vhosts/example.com:/usr/local/psa/bin/chrootsh
The first number (after the 2nd colon) is 10041, so this is the UID of user jack.
You will need this in the useradd lines since useradd wants a number for the UID.
The second number (after the 3rd colon) is 10001, this is the GID (psacln), we won't need that right now.
Then do the following shell commands to create the users and passwords:
useradd -u 10041 -o -d /home/httpd/vhosts/example.com -g psacln -s /usr/local/psa/bin/chrootsh jill useradd -u 10041 -o -d /home/httpd/vhosts/example.com -g psacln -s /usr/local/psa/bin/chrootsh bob passwd jill (enter the new password and confirm it, does not have to be the same as jack's) passwd bob (enter the new password and confirm it, does not have to be the same as jack's)
You should now be able to use an FTP client to login with that user's name and password. User jill and bob should be able to see the example.com docroot just as user jack can. You should NOT be able to browse above the example.com docroot directory.
All 3 users should have the same access to the files since they belong to the same group, so no matter which of the users created or edited the file(s), all should be able to access/edit/whatever the same files. For more information on the shell utilities used, use:
man useradd man passwd
Since these are users defined at the OS level, when connecting with an FTP client, they would login with username jill, bob, or jack. They would NOT use jill@example.com. This also means that usernames must be unique.
Subdomain FTP users
If you wanted to change their default directory and limit them to a Plesk created subdomain docroot, in the useradd line above, you would change /home/httpd/vhosts/example.com to /home/httpd/vhosts/example.com/subdomains/subname. So if you wanted to create the same users, but for a subdomain called awesome, then do the following shell commands to create the users and passwords:
useradd -u 10041 -o -d /home/httpd/vhosts/example.com/subdomains/awesome -g psacln -s /usr/local/psa/bin/chrootsh jill useradd -u 10041 -o -d /home/httpd/vhosts/example.com/subdomains/awesome -g psacln -s /usr/local/psa/bin/chrootsh bob passwd jill (enter the new password and confirm it, does not have to be the same as jack's) passwd bob (enter the new password and confirm it, does not have to be the same as jack's)
Deleting an FTP user
userdel jill
This will not delete any files unless you use the -r option which you probably don't want to do if they are sharing files!
Plesk subdomains versus 4PSA subdomains
- Plesk creates their subdomains in /home/httpd/vhosts/example.com/subdomains
- 4PSA creates their subdomains in /home/httpd/vhosts/example.com/httpdocs/subdomains
So keep this in mind for anyone using 4PSA Total Domains software! You may need to adjust the paths in these examples.
