The joys of FTP servers

So I have an FTP server set up on the, er hmm server. In fact I have two of them running. This is due to Apache running two web servers, each under its own domain and each under its own IP address. WordPress likes to update using FTP, but the directories are all owned by the website users (as in I have a unique user account per web domain). This is for security reasons, I don’t want the user of one to be able to access the other. So each FTP server is bound to the IP address of its own domain and set to the certificate of that domain (even though it’s only really communicating to itself inside the box, there is no external FTP access as it’s blocked by two levels of firewalls). This all works fine, except when you want to transfer a file to / from the server. You can piss about and log into one of the existing servers using the credentials for that domain and end up uploading / downloading files from the var/www/domain directory (when you’ve finally figured out which directory you actually have write access to). But that’s an ass and I wanted to just be able to move files to some home type directory.

So now I’ve added a third FTP server daemon. This one is bound to the DHCP IP address of the server (local subnet), this is just using the snake oil certificate as again I’m only transferring inside the local network. I had to create a new unique user. But the fun thing is when I logged in using the user credentials I get an error about chroot. It appears the only way to fix it was to make the user directory not writeable and then add a subdirectory under it called ‘upload’ and make this writeable by the same user. This works fine. Also cannot escape the home directory so all is good with the world.
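
The chroot layout described above, written out as an added example that is not from the original post: it builds a non-writable home with a writable `upload` subdirectory and then audits that the permissions still hold. The function names, the `ftpxfer` directory and the 555/755 modes are assumptions, and the `chown` to the FTP user is left out so the script runs without root.

```shell
#!/bin/sh
# Added example, not the post's own code. make_jail, audit_jail, perms and
# the "ftpxfer" directory name are hypothetical; modes 555/755 are one choice.

# Print the 9-character permission string of a path, e.g. r-xr-xr-x.
perms() {
    ls -ld -- "$1" | cut -c2-10
}

# Create the layout: home (the chroot root) not writable, upload/ writable
# by its owner only. On a real server, chown both to the FTP user as root;
# that step is left out so the example runs unprivileged.
make_jail() {
    mkdir -p "$1/upload" || return 1
    chmod 755 "$1/upload" || return 1
    chmod 555 "$1"
}

# Return 0 only if the layout still holds; print each deviation otherwise.
audit_jail() {
    [ -d "$1/upload" ] || { echo "FAIL: $1/upload is missing"; return 1; }
    rc=0
    # Assumption: any write bit on the chroot root counts as a failure.
    case "$(perms "$1")" in
        *w*) echo "FAIL: $1 is writable ($(perms "$1"))"; rc=1 ;;
    esac
    # Owner must be able to write; group and other must not.
    case "$(perms "$1/upload")" in
        ?w??-??-?) ;;
        *) echo "FAIL: $1/upload has mode $(perms "$1/upload")"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: $1 is read-only, upload/ is owner-writable"
    return "$rc"
}

# Demo on a constructed temporary directory.
demo=$(mktemp -d)
make_jail "$demo/ftpxfer" && audit_jail "$demo/ftpxfer"
chmod -R u+w "$demo" && rm -rf "$demo"
```

Running `audit_jail` from a scheduled job catches the case where a later `chmod` or restore makes the home writable again and logins start failing.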

Next job is remote server backup storage by SFTP. So far I’ve got as far as encrypting the backup files using a private key using openssl. More joy for the weekend I’m sure.
