Sometimes you may want to have ftp access to the www-root of a webserver for some developers or so. A simple way to do this is using proftpd and jailing your users into www-root directory

Install

aptitude install proftpd

User creation and permissions

First of all you have to create a user, developer f.e. This user has to have www-data as primary group, so that files and folders created by him, get www-data as group-attribute.

This assumes that you’re using debian with apache2, which is usually executed as user www-data.

# create new user with primary group www-data
adduser developer --ingroup www-data

To grant your ftp-users some rights on your www-root, you have to change permissions.

chown -R www-data:www-data /var/www
chmod -R 775 /var/www

Configuration

Edit /etc/proftpd/prftpd.conf to set some nice or needed options.

# make proftpd listen on vpn ip (if you like to do)
DefaultAddress 10.0.0.1
SocketBindTight on

# Use this to jail all users in their homes
DefaultRoot                     /var/www/

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask                           006  007

# user access limitations
<Limit LOGIN>
        AllowUser developer
        DenyAll
</Limit>