FTP Configuration Reference

From Sympl Wiki
Jump to navigation Jump to search

FTP in Sympl is provided by Pure-FTPd, and user configuration is typically done with one of two methods, either authenticating against the domain (example.com) with full access, or authenticating as a user on the domain (user@example.com) which supports limited access.

Domain Authentication

The most basic method of FTP authentication provides access to the /srv/example.com/public/ directory and it's contents, but no directories above that.

To enable this, simply add a password in /srv/example.com/config/ftp-password either in plain text or as a hashed password (generated using sympl-encrypt-password).

Users can then log in to the server using an FTP client using any hostname or IP which points to the server, with the username example.com and password as set in config/ftp-password.

FTP Quota

If necessary, an FTP quota can be set in /srv/example.com/config/ftp-quota. This defaults to 0 if unset, and is a value in bytes, supporting the normal file size suffix format.

This quota will prevent any new uploads via FTP once the total size of all files and subdirectories in /srv/example.com/public/ (including logs) reaches the quota value, however it does not prevent web uploads or other processes using space.

Multi-User Authentication

The multi-user authentication method supports users with separate directory access and quotas, and is controlled with the /srv/example.com/config/ftp-users file, and again has access limited to /srv/example.com/public/.

The format of the config/ftp-users file is made up of 2-4 values, separated by colons (:), for example:

# Comments start with a hash
# user:password:subdirectory:quota
alice:jd765DF2ioh-sg2:htdocs/files:1G
charlie:{CRYPT}$6$sXwVQjpI$1DCuuVaTgmmciah.sZuYGCMuV.IcJff8Rsx1PX3OcJOv5CmCWTL9RGka.m56hDXt26fJyCS53R5ZWMBPFlsH21

Username

The first value in the file is the username. Note that this always has the domain added, so in the example the valid usernames would be alice@example.com and charlie@example.com.

Password

The password can be either in plain text as shown in the first example, or encrypted format in the second example as generated by sympl-encrypt-password. Note that you should avoid using the colon (:) character in passwords where possible, or escape them by preceding them with a backslash (\).

Subdirectory

The subdirectory field is optional, and changes the FTP root directory from it's default of /srv/example.com/public/ to a subdirectory of public/ which can be used to limit access to a specific directory. In the example, the user alice@example.com is restricted to the /srv/example.com/public/htdocs/files directory and it's contents.

Quota

The quota field is optional, is a value in bytes with an optional suffix. This prevents files being uploaded once the quota is reached, with the limit is based on files in the FTP root directory and all subdirectories, and defaults to the value from /srv/example.com/config/ftp-quota if unset.

In the example, alice@example.com is limited to 1 Gigabyte of files in /srv/example.com/public/htdocs/files and it's subdirectories whereas charlie@example.com has no limit.

User Permissions

The permissions used by Pure-FTPd are inherited from the FTP root directory, which avoids permissions conflicts. This differs from Symbiosis which copied the permissions from the /srv/example.com directory.

Alternate Authentication Methods

As Sympl uses Pure-FTPd, it's other authentication methods can optionally be used, and information on this is available in the Pure-FTPd documentation.

Configuration Reference

File or Directory Used For More
.../config/ftp-password Sets the password for FTP access to /srv/example.com/public/ with the username example.com More...
.../config/ftp-quota Sets a maximum size of files and directories in /srv/example.com/public/ before preventing uploads. More...
.../config/ftp-users Per user configuration for FTP access. More...

See also Configuration Reference for other configuration files.