FTP accounts¶
FTP accounts can be easily created with a Satan tool.
Naming convention
Every FTP account has an unique prefix to avoid name collisions: ftp word, your UID and underscore _. Then comes any name you desire, e.g. ftp1234_files.
Note
FTP account is not necessary to upload data to your web site directory. A better way is to use SFTP protocol, for instance by using WinSCP software.
Syntax¶
The syntax is as follows:
satan ftp add <username> <directory> <privs>
satan ftp del <username>
satan ftp list
satan ftp change <username> password
satan ftp change <username> <privs>
Syntax can be displayed anytime by typing satan ftp help.
Default actions
- satan ftp add <username> <directory> <privs> (default privileges will be used)
- satan ftp list
- satan ftp change <username> password
| Command | Description |
|---|---|
| satan ftp add <username> <directory> | Create a new FTP account. Username format is ftpUID_name, e.g. ftp1234_bongo. Username written after underscore cannot be longer than 14 characters and must begin with a letter. You can check your UID with id -u command. The <directory> argument must be an absolute path to the existing directory in the file system. Password cannot be shorter than 5 characters and longer than 16 characters and must consist over two groups of characters (like digits and letters). If not specified, default privileges will be used. See below. |
| satan ftp add <username> <directory> <privs> | Create an FTP account with custom privileges. In this command you can only revoke privileges as by default all privileges are enabled. Available options: nomkdir, nodelete, noupload, noread, noftpes. You can also you numeric values for privileges. See below. |
| satan ftp del <username> | Remove an FTP account. Destination directory will not be removed. |
| satan ftp list | List all FTP accounts. Caution, the passwords will be shown as plain text! |
| satan ftp change <username> password | Change password to FTP account. Remember, password in this command is a keyword, not actually your password. You will be prompted for the password. New password can be also generated. |
| satan ftp change <username> <privs> | Change privileges to FTP account. Available privileges are: (no)mkdir, (no)delete, (no)upload, (no)read, (no)ftpes. The word no in the beginning removes privilege. Without the word, privilege is to be enabled. |
Available privileges¶
All privileges are enabled by default. Revoking privileges can be performed by adding ‘no’ keyword in the beginning of privilege name.
| Privilege | Numeric value | Description |
|---|---|---|
| nomkdir | 1 | User will not be permitted to create new directories. |
| nodelete | 2 | User will not be permitted to perform write operations other than upload and create directory, such as deletion and renaming. |
| noupload | 4 | User will not be permitted to upload files. |
| noread | 8 | User will be allowed only to download files which are world readable. |
| noftpes | 16 | User will not be forced to use a secure SSL connection in order to send the password (this doesn’t work because of bug in vsftpd) and to send and receive data. However still both SSL and nonSSL connections are possible. |
You can join privileges by adding numeric values, e.g. noftpes and noupload is 16 + 4 = 20.
Examples¶
Creating new FTP account¶
In this example we will create a new FTP account with generated password and we will display a list of all FTP accounts. Because user name must be in format of ftpUID_name firstly user UID will be checked. Then we will change some privileges.
Please remember that during account creation and in the list passwords will be displayed in plain text. The user name in the example is bongo. Commands are as follows:
$ id -u
1234
$ satan ftp add ftp1234_resources /home/bongo/ftp
Password (or press Enter to generate):
Your password is xg$QqwZu%-/* (copy it to your FTP client)
Remember, that you must specify full path to directory.
Checking FTP accounts¶
To check if everything went fine you can list all FTP accounts:
$ satan ftp list
FTP accounts (1 in total)
Username Directory Password mkdir delete upload read ftpes
ftp1234_resources /home/bongo/ftp xg$QqwZu%-/* yes yes yes yes yes
Changing privileges¶
If your FTP client does not support FTPES connection you can easily disable it by invoking following command:
$ satan ftp change ftp1234_resources noftpes
FTP for website¶
Remember that:
- FTP server is available only on the shell servers thus you need point FTP directory to NFS share. In most cases /home/login/fastweb should be sufficient.
- FTP is not really necessary to upload data to your web site directory as you can use rsync or sftp using SSH or SFTP protocol authenticating with you shell server password.
If you have properly configured vhost in home directory you should find a symbolic link called ~fastweb. In order to create FTP account type:
satan ftp add ftp1234_www /home/bongo/fastweb/bongo.rootnode.net/htdocs
where bongo is your username and 1234 is your UID.
Connection¶
FTP server is run on shell server, not web server. To create user-friendly FTP host you can use satan dns add cname example.com ftp stallman2.rootnode.net command where example.com is your domain name and stallman2 is the name of your shell server.
Now you can connect to ftp.example.com on port 21.
Secure connection¶
Secure connection can be made using FTPES (FTP over Explicit SSL) protocol. Destination port is the same as in regular FTP connection (21). Most FTP clients support FTPES protocol and it is recommended to use.
Troubleshooting¶
Cannot see files¶
If you cannot see files probably you received 552 Data connections must be encrypted error. Your FTP client doesn’t support this mode. Try to disable FTPES with command:
$ satan ftp change ftp1234_resources noftpes
where ftp1234_resources is the name of your FTP account.