## FTP SETUP

I set everything up with `vsftpd`.

### Install

As root:

`apt-get install vsftpd libpam-pwdfile`

Edit `/etc/vsftpd.conf`, comment out everything and put this at the bottom:

```
# CUSTOM FOR EXAMPLE "ACME"
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
local_root=/home/wwwgeneral/sites/acme_dropbox/acme_dropbox
chroot_local_user=YES
allow_writeable_chroot=YES
hide_ids=YES

# virtual user settings
user_config_dir=/etc/vsftpd_user_conf
guest_enable=YES
virtual_use_local_privs=YES
pam_service_name=vsftpd
nopriv_user=vsftpd
guest_username=vsftpd

# Enable passive mode
pasv_enable=YES
pasv_max_port=12100
pasv_min_port=12000
port_enable=YES
pasv_address=52.22.81.201
```

This setup allows us to create virtual users that point to various directories under the website dir `/home/wwwgeneral/sites/acme_dropbox/acme_dropbox`.

Also, the `pasv_address` IP should be the static IP of the server.

Create the FTP parent user in the www-data group (so Apache and the FTP user can edit the same folders):

`useradd --home /home/vsftpd --gid www-data -m --shell /bin/false vsftpd`

Create a virtual user (first time):

```
mkdir /etc/vsftpd
htpasswd -cd /etc/vsftpd/ftpd.passwd [username]
```

Set up the PAM config to use our username/password system:

`nano /etc/pam.d/vsftpd`

Comment out everything in this file and put in the following so our virtual users can log in:

```
auth required pam_pwdfile.so pwdfile /etc/vsftpd/ftpd.passwd
account required pam_permit.so
```

Virtual user configs will live in `/etc/vsftpd_user_conf/`, so each user needs a file here, e.g. `/etc/vsftpd_user_conf/user1`:

`vim /etc/vsftpd_user_conf/user1`

```
local_root=/home/wwwgeneral/sites/acme_dropbox/acme_dropbox/foobar
```

Restart FTP:

`service vsftpd restart`

### Create additional users

Create the user and password for `user2`:

`htpasswd -d /etc/vsftpd/ftpd.passwd user2`

Create the config:

`vim /etc/vsftpd_user_conf/user2`

```
local_root=/home/wwwgeneral/sites/acme_dropbox/acme_dropbox/foobar
```

Restart:

`service vsftpd restart`

### Remove user

`vim /etc/vsftpd/ftpd.passwd`

Delete the user's line, then remove the user's config:

`rm /etc/vsftpd_user_conf/[user]`

Restart:

`service vsftpd restart`

### For Longer than 8 Char passwords

`htpasswd -d` stores a `crypt()` hash, which only uses the first 8 characters of the password. To allow longer passwords, store an MD5-crypt hash generated by `openssl` instead:

`htpasswd -c -p -b /etc/vsftpd/ftpd.passwd user1 $(openssl passwd -1 -noverify password)`

The `-c` flag creates the password file and overwrites an existing one, so leave it out when adding a user to a file that already has entries.

## PERMISSIONS

We need to make sure folders created in acme_dropbox get the correct permissions. Since our FTP user is in www-data and so is Apache, we can set group permissions recursively:

```
setfacl -R -d -m u::rwx acme_dropbox
setfacl -R -d -m g::rwx acme_dropbox
```
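The virtual-user setup above relies on two files staying in sync (the password file and the per-user configs) and on avoiding 8-character `crypt()` hashes. The following audit script is an added example, not part of the original page; the function names, sample users and `/srv/example` paths are assumptions, and the hash strings are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original page. Audits the virtual-user files.

# Users whose hash is traditional DES crypt: 13 characters, no "$" prefix.
# DES crypt only uses the first 8 characters of the password.
des_crypt_users() {
    awk -F: 'NF >= 2 && length($2) == 13 && substr($2, 1, 1) != "$" { print $1 }' "$1"
}

# Users in the password file with no per-user config file. vsftpd then
# applies the global local_root, so the login sees every directory under it.
users_without_conf() {
    awk -F: 'NF >= 2 && $1 != "" { print $1 }' "$1" | while read -r u; do
        [ -f "$2/$u" ] || echo "$u"
    done
}

# Config files left behind for users no longer in the password file.
orphan_confs() {
    for f in "$2"/*; do
        [ -f "$f" ] || continue
        awk -F: -v u="${f##*/}" '$1 == u { hit = 1 } END { exit !hit }' "$1" ||
            echo "${f##*/}"
    done
}

# Constructed sample data (hash strings are placeholders, not real hashes).
make_sample() {
    mkdir -p "$1/conf"
    cat > "$1/ftpd.passwd" <<'EOF'
user1:$1$saltsalt$0123456789abcdefghijkl
user2:ab0123456789A
user3:$1$saltsalt$lkjihgfedcba9876543210
EOF
    echo "local_root=/srv/example/foobar" > "$1/conf/user1"
    echo "local_root=/srv/example/foobar" > "$1/conf/user2"
    echo "local_root=/srv/example/old" > "$1/conf/olduser"
}

# Demo run on the sample; on a server, pass /etc/vsftpd/ftpd.passwd and
# /etc/vsftpd_user_conf to the three functions instead.
d=$(mktemp -d) && make_sample "$d"
echo "DES crypt (8-char limit): $(des_crypt_users "$d/ftpd.passwd")"
echo "no per-user config: $(users_without_conf "$d/ftpd.passwd" "$d/conf")"
echo "config without user: $(orphan_confs "$d/ftpd.passwd" "$d/conf")"
rm -rf "$d"
```

Run it after every user addition or removal; any name it prints points at a step from the sections above that was skipped.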