Creating an FTP-Only Site in Plesk 9

by Al Beecy September 12, 2009
Plesk can be really annoying at times. Sometimes tasks that should be dirt simple like making a basic FTP site without associated web hosting can be next to impossible.

After wasting about a half hour hunting around in Plesk 9 for a way to make an FTP site (authenticated) that did not also set up a website, I concluded that it simply could not be done through the interface. 

Fine, I'll do it the old-fashioned way: I'll Google up an answer. After visiting a couple sites courtesy of Google, a consensus emerged. The way to create an ftp site/account was to connect via SSH and use the following three commands, followed by a little tweaking of the /etc/passwd file.

/# mkdir /home/ftp
/# useradd -d /home/ftp/ftpuser/ -s /dev/null ftpuser > /dev/null 2>&1
/# passwd ftpuser

The first line creates an /ftp folder beneath /home. The second creates a new user named "ftpuser". And the third allows you to set his pasword. So far, so good.

The next generally recommended step was to edit the /etc/passwd file, changing this:

ftpuser:x:502:502::/home/ftp/ftpuser/:/dev/null
to this:
ftpuser:x:502:502::/home/ftp/./ftpuser/:/dev/null
adding an extra dot slash between "ftp/" and "ftpuser".  I used nano.

Didn't work. All the commands were successful, but FileZilla could not connect. Kept getting "bad login".

Back to the drawing board.  My problem was that sites created in Plesk allowed too much access to uploaded content, specifically, HTTP access. It also subjected the ftp user to a hodgepodge of silly folders since the ftp account wa rooted above all the folders associated with the domain like:

/anon_ftp
/bin
/conf
/error_docs
/httpsdocs
/pd
/private
/statistics
/web_users
/cgi-bin
/httpdocs

Even worse, some of these folders could not be deleted, nor could files be wrtten to the "root" of this structure. Very annoying.

I decided that to make this mess usable for an FTP-only site, I needed to do two things:
  1. Prevent access to the bogus website via HTTP.
  2. Re-root the login to a secure folder just in case someone found a way around my solution to step 1.
The first part was pretty straight forward. I would drop a simple one-line .htaccess file in the various web-accessible directories to punt unwanted browsers from my site:

deny from all

The next required a secure directory to which I could re-root my ftp user. Fortunately, there already was such a directory, named "private". So off I went to the /etc/passwd file again, where I changed this: 

ftpuser:x:10021:2522::/var/www/vhosts/ftp.foo.com:/bin/false
to this:
ftpuser:x:10021:2522::/var/www/vhosts/ftp.foo.com/private:/bin/false

Now to test. I popped open a browser and went to my site. Got nada via HTTP except a stupid Apache message providing way more information about my server than I thought was sensible to reveal.  Seems if httpdocs can't be accessed, Apache gets stupid.

Fine. I replaced the .htaccess files with a zero-byte index.html. Now all I get is a blank white screen. "Good enough for government work", as we used to say in the Army.

Now the real test: ftp. First I go to the site using various browsers using ftp://. Up pops a login screen on all of them. I provide crdentials and land in my nice empty, private root. Looking good.

One last test: FilleZilla. I enter my site and credentials and click connect. It connects, and I'm again in my private root. Time for a beer!

Hope this helps someone.

Tags:

Linux | Networking and Hosting | Plesk

Comments

September 16, 2009 #

Anonymous

did you know that you can use Windows Explorer as your ftp?

Anonymous United States

September 16, 2009 #

Al Beecy

Yes, in fact, sometimes I do.  But I was talking about creating the ftp site itself so that it was rooted in a way that did not expose it's contents to HTTP access or force the ftp user to deal with a bunch of silly web-related folders when all they wanted was a place to put files.

Al Beecy United States

Powered by BlogEngine.NET1.5.0.7 | Theme by Mads Kristensen