Posted by Adam Niedzwiedzki on 02 September 2013
After a fresh install of Ubuntu, complete the following steps.
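# Give the root account a password. Ubuntu ships with root's password locked
# and administration done through sudo; setting a password enables direct
# root logins, so choose a strong, unique one (or keep root locked and run
# the remaining commands in this guide through sudo instead).
sudo su
passwd root
# The first exit leaves the root shell opened by `sudo su`; the second ends
# the login session so that the next login can be made as root.
exit
exit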
-> login as root
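# Choose the system time zone (interactive dialog).
dpkg-reconfigure tzdata
# NOTE(review): this purges AppArmor, i.e. the mandatory-access-control
# profiles that confine services on a stock Ubuntu install. On an
# internet-facing web/FTP host prefer to keep it; if one profile gets in the
# way, put just that profile into complain mode (aa-complain, shipped in
# apparmor-utils) rather than removing the whole framework.
dpkg -P apparmor apparmor-utils
# Refresh the package index and apply pending updates, then reboot into the
# updated system.
apt-get update
apt-get upgrade
reboot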
-> login as root
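# dist-upgrade also applies updates that need packages added or removed
# (held back by a plain `upgrade`); reboot again afterwards.
apt-get dist-upgrade
reboot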
-> login as root
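# Drop packages that were only pulled in as dependencies and are now unused.
apt-get autoremove
# Install the OpenSSH client/server and the OpenNTPD time daemon.
apt-get install ssh openssh-server openntpd
# NOTE(review): the next step of this guide logs in over SSH as root. A
# password-protected root login reachable from the network is a standing
# target for password guessing. Safer: log in as an unprivileged user with
# key authentication, escalate with sudo, and set `PermitRootLogin no` in
# /etc/ssh/sshd_config.
exit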
-> ssh as root
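# Web server.
apt-get install apache2
# PHP 5 with PEAR plus the MySQL and GD extensions.
apt-get install php5 php-pear php5-mysql php5-gd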
-> Set up the MTA for sending mail ONLY
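# Lightweight Exim MTA plus the `mail` command-line tools.
apt-get install exim4-daemon-light mailutils
# Interactive configuration; the answers to give are listed in the next step.
# Binding the listener to 127.0.0.1 there is what keeps the host from
# accepting SMTP connections from the network.
dpkg-reconfigure exim4-config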
-> Select "internet site;" -> Ok -> Enter/Accept default entry as the FQDN -> Enter "127.0.0.1" to listen on -> Enter/Accept default in recipient domains -> Leave relay domains and relay machines blank -> Select No to keep DNS queries to a minimum -> Select "Maildir" for locally delivered email -> Select No to split file configuration
-> Set up vsftpd
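# vsftpd is the FTP daemon; libpam-pwdfile provides pam_pwdfile.so, the PAM
# module that the PAM configuration later in this guide uses to authenticate
# virtual users against a password file.
apt-get install vsftpd libpam-pwdfile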
Edit vsftpd.conf
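# Keep the packaged configuration as a backup, then write a new one from
# scratch.
mv /etc/vsftpd.conf /etc/vsftpd.conf.bak
vi /etc/vsftpd.conf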
Add the following
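# vsftpd.conf for virtual users, each confined to /var/www/<login name>.
# Comments must stay on their own lines; vsftpd does not accept trailing
# comments or spaces around "=".
#
# NOTE(review): nothing here turns on TLS (ssl_enable), so user names,
# passwords and file contents cross the network in clear text. Enable TLS
# with a server certificate, or offer SFTP instead, before exposing this
# service to untrusted networks.

# Run as a standalone daemon.
listen=YES
# No anonymous logins.
anonymous_enable=NO
# Allow non-anonymous logins (required for the virtual users below).
local_enable=YES
# Permit FTP commands that modify the filesystem (upload, delete, rename...).
write_enable=YES
# Uploaded files are created without group/other write permission.
local_umask=022
# Account vsftpd switches to when it wants to be totally unprivileged.
nopriv_user=vsftpd
# Virtual users get local-user privileges rather than anonymous privileges.
virtual_use_local_privs=YES
# Treat every non-anonymous login as a guest mapped to guest_username.
guest_enable=YES
# $USER in local_root is replaced with the login name, giving each virtual
# user its own directory.
user_sub_token=$USER
local_root=/var/www/$USER
# Jail each user inside that directory.
chroot_local_user=YES
# Show all owners and groups as "ftp" in directory listings.
hide_ids=YES
guest_username=vsftpd
# NOTE(review): this switches off the check that a passive-mode data
# connection comes from the same IP address as the control connection, so a
# third party may be able to connect to a data port opened for another user's
# session. The vsftpd documentation reserves it for special cases such as
# secure tunnelling or FXP; remove this line (the default is NO) unless one
# of those applies.
pasv_promiscuous=YES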
Register the virtual users
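# Directory for the virtual-user password file.
mkdir /etc/vsftpd
# -c creates the file (and overwrites an existing one, so use it only for the
# first user); later users are added without -c.
# NOTE(review): -d stores passwords with crypt(), which on most platforms is
# traditional DES: only the first 8 characters of the password count and the
# hashes are cheap to brute-force. It is presumably used here because
# pam_pwdfile expects crypt(3)-style hashes; check whether the installed
# pam_pwdfile accepts a stronger crypt(3) scheme and use that if it does.
htpasswd -cd /etc/vsftpd/ftpd.passwd user1
htpasswd -d /etc/vsftpd/ftpd.passwd user2
# Consider restricting the hash file to root afterwards, e.g.
#   chmod 600 /etc/vsftpd/ftpd.passwd
# so that local users cannot read the hashes (confirm FTP logins still work).
#
# Back up the packaged PAM service file, then write a new one.
mv /etc/pam.d/vsftpd /etc/pam.d/vsftpd.bak
vi /etc/pam.d/vsftpd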
Add the following
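# Authenticate FTP logins against the htpasswd-style file only; system
# accounts in /etc/passwd are not consulted by this service.
auth required pam_pwdfile.so pwdfile /etc/vsftpd/ftpd.passwd
# pam_permit always succeeds, so no account checks (expiry, lockout, access
# restrictions) are applied: anyone listed in the password file may log in.
account required pam_permit.so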
Create the local vsftpd user without shell access
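# System account that all virtual FTP users are mapped to (guest_username and
# nopriv_user in vsftpd.conf). /bin/false as the shell means the account
# cannot be used for an interactive login.
useradd --home /home/vsftpd --gid nogroup -m --shell /bin/false vsftpd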
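Restart vsftpd (for example with `service vsftpd restart`) so that the new vsftpd and PAM configuration takes effect.
Now we create the users' directories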
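# Per-user FTP root; the name must match the virtual user's login because
# vsftpd.conf sets local_root=/var/www/$USER.
mkdir /var/www/user1
# The chroot root itself must not be writable.
chmod -w /var/www/user1
# Content directory inside the jail.
mkdir /var/www/user1/www
chmod -R 755 /var/www/user1/www
# NOTE(review): FTP sessions run as the guest account (vsftpd in the
# configuration above), while this tree ends up owned by www-data with mode
# 755. Confirm that uploads work as intended, and avoid fixing a failure by
# making the tree world-writable.
chown -R www-data: /var/www/user1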
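The main step not to forget is removing write access from the user's root directory, /var/www/user1. With chroot_local_user=YES that directory is the root of the user's chroot jail, and recent vsftpd releases refuse logins into a chroot whose root is writable.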