FTP Configuration Reference: Difference between revisions
No edit summary |
No edit summary |
||
| Line 1: | Line 1: | ||
FTP configuration | FTP in SYmpl is provided by [[Pure-FTPd]], and user configuration is typically done with one of two methods, either authenticating against the domain (<code>'''''example.com'''''</code>) with full access, or authenticating as a user on the domain (<code>'''''user'''''@'''''example.com'''''</code>) which supports limited access. | ||
== Domain Authentication == | ==Domain Authentication== | ||
The most basic method of authentication provides access to the <code>/srv/'''''example.com'''''/public/</code> directory and it's contents, but no directories above that. | The most basic method of authentication provides access to the <code>/srv/'''''example.com'''''/public/</code> directory and it's contents, but no directories above that. | ||
To enable this, simply add a password in <code>/srv/'''''example.com'''''/config/ftp-password</code> either in plain text or as a hashed password (generated using <code>sympl-encrypt-password</code>). | To enable this, simply add a password in <code>/srv/'''''example.com'''''/config/ftp-password</code> either in plain text or as a hashed password (generated using <code>[[sympl-encrypt-password]]</code>). | ||
Users can then log in to the server using an FTP client using any hostname or IP which points to the server, with the username <code>'''''example.com'''''</code> and password as set in <code>config/ftp-password</code>. | Users can then log in to the server using an FTP client using any hostname or IP which points to the server, with the username <code>'''''example.com'''''</code> and password as set in <code>config/ftp-password</code>. | ||
== Multi-User Authentication == | === FTP Quota === | ||
If necessary, an FTP quota can be set in <code>/srv/'''''example.com'''''/config/ftp-quota</code>. This defaults to <code>0</code> if unset, and is a value in bytes, supporting the normal [[File Size Suffixes|file size suffix]] format. | |||
This quota will prevent any new uploads via FTP once the total size of all files and subdirectories in <code>/srv/'''''example.com'''''/public/</code> (including logs) reaches the quota value, however it does not prevent web uploads or other processes using space. | |||
==Multi-User Authentication== | |||
The multi-user authentication method supports users with separate directory access and quotas, and is controlled with the <code>/srv/'''''example.com'''''/config/ftp-users</code> file, and again has access limited to <code>/srv/'''''example.com'''''/public/</code>. | The multi-user authentication method supports users with separate directory access and quotas, and is controlled with the <code>/srv/'''''example.com'''''/config/ftp-users</code> file, and again has access limited to <code>/srv/'''''example.com'''''/public/</code>. | ||
The format of the <code>config/ftp-users</code> file is | The format of the <code>config/ftp-users</code> file is made up of 2-4 values, separated by colons (<code>:</code>), for example: | ||
# | # Comments start with a hash | ||
''''' | # user:password:subdirectory:quota | ||
alice:jd765DF2ioh-sg2:htdocs/files:1G | |||
charlie:{CRYPT}$6$sXwVQjpI$1DCuuVaTgmmciah.sZuYGCMuV.IcJff8Rsx1PX3OcJOv5CmCWTL9RGka.m56hDXt26fJyCS53R5ZWMBPFlsH21 | |||
=== Username === | |||
The first value in the file is the username. Note that this always has the domain added, so in the example the valid usernames would be <code>'''''alice@example.com'''''</code> and <code>'''''charlie@example.com'''''</code>'''.''' | |||
=== Password === | |||
The password can be either in plain text as shown in the first example, or encrypted format in the second example as generated by <code>[[sympl-encrypt-password]]</code>. Note that you should avoid using the colon (<code>:</code>) character in passwords where possible, or escape them by preceding them with a backslash (<code>\</code>). | |||
=== Subdirectory === | |||
The subdirectory field is optional, and changes the FTP root directory from it's default of <code>/srv/'''''example.com'''''/public/</code> to a subdirectory of <code>public/</code> which can be used to limit access to a specific directory. In the example, the user <code>'''''alice@example.com'''''</code> is restricted to the <code>/srv/'''''example.com'''''/public/'''''htdocs/files'''''</code> directory and it's contents. | |||
=== Quota === | |||
The quota field is optional, is a value in bytes with an [[File Size Suffixes|optional suffix]]. This prevents files being uploaded once the quota is reached, with the limit is based on files in the FTP root directory and all subdirectories, and defaults to the value from <code>/srv/'''''example.com'''''/config/ftp-quota</code> if unset. | |||
In the example, <code>'''''alice@example.com'''''</code> is limited to 1 Gigabyte of files in <code>/srv/'''''example.com'''''/public/'''''htdocs/files'''''</code> and it's subdirectories whereas <code>'''''charlie@example.com'''''</code> has no limit. | |||
== User Permissions == | |||
The permissions used by [[Pure-FTPd]] are inherited from the FTP root directory, which avoids permissions conflicts. This differs from [[Symbiosis]] which copied the permissions from the <code>/srv/'''''example.com'''''</code> directory. | |||
== Alternate Authentication Methods == | |||
As Sympl uses [[Pure-FTPd]], it's other authentication methods can optionally be used, and information on this is available in the [https://download.pureftpd.org/pub/pure-ftpd/doc/README.Virtual-Users Pure-FTPd documentation]. | |||
== Configuration Reference == | |||
<section begin=config /> | |||
{| class="wikitable sortable" | |||
|+ | |||
!File or Directory | |||
!Used For | |||
!More | |||
|- | |||
|<code>.../config/ftp-password</code> | |||
|Sets the password for FTP access to <code>/srv/'''''example.com'''''/public/</code> with the username <code>'''''example.com'''''</code> | |||
|<small>[[FTP Configuration Reference#Domain Authentication|More...]]</small> | |||
|- | |||
|<code>.../config/ftp-quota</code> | |||
|Sets a maximum size of files and directories in <code>/srv/'''''example.com'''''/public/</code> before preventing uploads. | |||
|<small>[[FTP Configuration Reference#FTP Quota|More...]]</small> | |||
|- | |||
|<code>.../config/ftp-users</code> | |||
|Per user configuration for FTP access. | |||
|<small>[[FTP Configuration Reference#Multi-User Authentication|More...]]</small> | |||
|}<section end=config /><blockquote>See also [https://wiki.sympl.host/view/Configuration_Reference ''Configuration Reference''] for other configuration files.</blockquote> | |||
[[Category:Reference]] | [[Category:Reference]] | ||
[[Category:FTP]] | [[Category:FTP]] | ||
Revision as of 12:01, 16 July 2019
FTP in SYmpl is provided by Pure-FTPd, and user configuration is typically done with one of two methods, either authenticating against the domain (example.com) with full access, or authenticating as a user on the domain (user@example.com) which supports limited access.
Domain Authentication
The most basic method of authentication provides access to the /srv/example.com/public/ directory and it's contents, but no directories above that.
To enable this, simply add a password in /srv/example.com/config/ftp-password either in plain text or as a hashed password (generated using sympl-encrypt-password).
Users can then log in to the server using an FTP client using any hostname or IP which points to the server, with the username example.com and password as set in config/ftp-password.
FTP Quota
If necessary, an FTP quota can be set in /srv/example.com/config/ftp-quota. This defaults to 0 if unset, and is a value in bytes, supporting the normal file size suffix format.
This quota will prevent any new uploads via FTP once the total size of all files and subdirectories in /srv/example.com/public/ (including logs) reaches the quota value, however it does not prevent web uploads or other processes using space.
Multi-User Authentication
The multi-user authentication method supports users with separate directory access and quotas, and is controlled with the /srv/example.com/config/ftp-users file, and again has access limited to /srv/example.com/public/.
The format of the config/ftp-users file is made up of 2-4 values, separated by colons (:), for example:
# Comments start with a hash
# user:password:subdirectory:quota
alice:jd765DF2ioh-sg2:htdocs/files:1G
charlie:{CRYPT}$6$sXwVQjpI$1DCuuVaTgmmciah.sZuYGCMuV.IcJff8Rsx1PX3OcJOv5CmCWTL9RGka.m56hDXt26fJyCS53R5ZWMBPFlsH21
Username
The first value in the file is the username. Note that this always has the domain added, so in the example the valid usernames would be alice@example.com and charlie@example.com.
Password
The password can be either in plain text as shown in the first example, or encrypted format in the second example as generated by sympl-encrypt-password. Note that you should avoid using the colon (:) character in passwords where possible, or escape them by preceding them with a backslash (\).
Subdirectory
The subdirectory field is optional, and changes the FTP root directory from it's default of /srv/example.com/public/ to a subdirectory of public/ which can be used to limit access to a specific directory. In the example, the user alice@example.com is restricted to the /srv/example.com/public/htdocs/files directory and it's contents.
Quota
The quota field is optional, is a value in bytes with an optional suffix. This prevents files being uploaded once the quota is reached, with the limit is based on files in the FTP root directory and all subdirectories, and defaults to the value from /srv/example.com/config/ftp-quota if unset.
In the example, alice@example.com is limited to 1 Gigabyte of files in /srv/example.com/public/htdocs/files and it's subdirectories whereas charlie@example.com has no limit.
User Permissions
The permissions used by Pure-FTPd are inherited from the FTP root directory, which avoids permissions conflicts. This differs from Symbiosis which copied the permissions from the /srv/example.com directory.
Alternate Authentication Methods
As Sympl uses Pure-FTPd, it's other authentication methods can optionally be used, and information on this is available in the Pure-FTPd documentation.
Configuration Reference
| File or Directory | Used For | More |
|---|---|---|
.../config/ftp-password
|
Sets the password for FTP access to /srv/example.com/public/ with the username example.com
|
More... |
.../config/ftp-quota
|
Sets a maximum size of files and directories in /srv/example.com/public/ before preventing uploads.
|
More... |
.../config/ftp-users
|
Per user configuration for FTP access. | More... |
See also Configuration Reference for other configuration files.