Setup ProFTPD server with Multiple Jailed Users [Updated 2024]
To restrict the FTP user so they can only access their own home directory and not the rest of the system, you need to configure ProFTPD to jail users in their home directories. This can be done using the DefaultRoot directive in the ProFTPD configuration file. Here’s how you can achieve that:
Ensure Proper Configuration in proftpd.conf: Open the ProFTPD configuration file:
sudo nano /etc/proftpd/proftpd.conf
Add or modify the following lines to ensure the FTP users are restricted to their home directories:
# To jail users in their home directory
DefaultRoot ~
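# Allow logins for users whose shell is not listed in /etc/shells
RequireValidShell off
Ensure User's Shell is Allowed: Ensure that the user's shell is valid and listed in /etc/shells. You can use /bin/false or /usr/sbin/nologin to restrict the user to FTP only. With RequireValidShell off, ProFTPD skips the /etc/shells check, so listing the shell matters only if that directive is later removed or turned on.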
echo "/bin/false" | sudo tee -a /etc/shells
echo "/usr/sbin/nologin" | sudo tee -a /etc/shells
Then, assign one of these shells to your FTP user:
sudo usermod -s /bin/false ftpuser
Create a Directory for the User: Ensure the user's home directory is properly set up:
sudo mkdir -p /home/ftpuser/ftp
sudo chown -R ftpuser:ftpuser /home/ftpuser/ftp
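sudo chmod -R 755 /home/ftpuser/ftp
Here, the ftp directory inside the user's home directory will be their FTP root. Because DefaultRoot ~ jails each user in the home directory recorded for the account, this requires /home/ftpuser/ftp to be set as ftpuser's home directory.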
Restart ProFTPD: Restart the ProFTPD service to apply the changes.
sudo systemctl restart proftpd
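
To check the result of the steps above, the following script audits the DefaultRoot and RequireValidShell settings and the user's shell. It is an added example, not part of the original guide; the function names are hypothetical, the demo files are constructed samples, and Include files and per-section scoping are assumed away.

```sh
#!/bin/sh
# Added example: audit the guide's jail settings on copies of the files.
# Assumptions: Include files and <Global>/<VirtualHost> scoping are ignored,
# and the last occurrence of a directive is taken as the effective one.

directive_value() { # $1 = config file, $2 = directive name (case-insensitive)
    awk -v d="$2" '
        { sub(/#.*/, "") }                      # drop comments
        tolower($1) == tolower(d) { $1 = ""; sub(/^ +/, ""); v = $0 }
        END { print v }' "$1"
}

# Append a shell only if it is not already listed; "tee -a" would add a
# duplicate line on every run.
ensure_shell_listed() { # $1 = shells file, $2 = shell path
    grep -qxF -- "$2" "$1" 2>/dev/null || printf '%s\n' "$2" >> "$1"
}

# Return 0 if the user would be jailed and pass the shell check, else 1.
audit_ftp_user() { # $1 = config, $2 = passwd file, $3 = shells file, $4 = user
    root=$(directive_value "$1" DefaultRoot)
    valid=$(directive_value "$1" RequireValidShell)
    entry=$(awk -F: -v u="$4" '$1 == u { print $6 ":" $7 }' "$2")
    [ -n "$entry" ] || { echo "FAIL: no passwd entry for $4"; return 1; }
    home=${entry%%:*} shell=${entry#*:} rc=0
    if [ "$root" = "~" ]; then echo "OK: $4 is jailed in $home"
    else echo "FAIL: DefaultRoot is '${root:-unset}', expected '~'"; rc=1; fi
    case $(printf '%s' "$valid" | tr 'A-Z' 'a-z') in
        off|false|no|0) echo "OK: RequireValidShell off, $shell not checked" ;;
        *)  if grep -qxF -- "$shell" "$3"; then echo "OK: $shell is in $3"
            else echo "FAIL: $shell not in $3, RequireValidShell on"; rc=1; fi ;;
    esac
    return $rc
}

# Demo on constructed sample files (not real system files).
demo() {
    d=$(mktemp -d) || return 1
    printf '# jail\nDefaultRoot ~\nRequireValidShell off\n' > "$d/proftpd.conf"
    printf 'ftpuser:x:1001:1001::/home/ftpuser/ftp:/bin/false\n' > "$d/passwd"
    printf '/bin/sh\n' > "$d/shells"
    ensure_shell_listed "$d/shells" /bin/false
    ensure_shell_listed "$d/shells" /bin/false   # second call adds nothing
    audit_ftp_user "$d/proftpd.conf" "$d/passwd" "$d/shells" ftpuser
    rc=$?; rm -rf "$d"; return $rc
}
demo
```

On a real host, pass /etc/proftpd/proftpd.conf, /etc/passwd and /etc/shells to audit_ftp_user; a DefaultRoot line carrying a group expression is reported as a failure because it does not jail every user.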