File Transfer Protocol (FTP) is a standard network protocol used to transfer files between a client and a server. This guide will walk you through setting up FTP access for a Symbiosis server.
This is great for scenarios where you don’t want to give access to the full machine. For example, if you have a web hosting client who has designed their own site and would like to upload it themselves. This is typical for a shared hosting client. Using FTP access, it is not necessary to grant them access to all domains on the machine, or even the config or mailboxes section of their own domain. It limits them to the files inside the public/ directory ie. only those associated with the website.
Things you’ll need
Before you start this section:
1. Connect to your server over SFTP using FileZilla (see Connecting to your Server Using FTP).
2. Set up a website (see Setting up a Website).
Disclaimer
Please be aware that, despite being limited to the public/ directory when logging in over FTP, it is trivial for a user to read files elsewhere on the filesystem by, for example, using specially written PHP scripts. Therefore, it is advisable to only grant access to trusted people.
Creating a new FTP account
In this example, access to the content of the my-brilliant-site.com site is being given to another user, but they are only to have access to /srv/my-brilliant-site.com/public/. To set this up, an FTP password is being created.
- Connect to your machine using FileZilla.
- Navigate to
/srv/my-brilliant-site.com/config/ - Create a file
ftp-passworda that contains a secure password your shared hosting client will use, ensure that theconfig/directory is selected b and upload the file, c. Make sure that there is no txt extension on this file.
Access to the machine can now be granted over FTP using the username my-brilliant-site.com and the password being the contents of /srv/my-brilliant-site.com/config/ftp-password.
Testing the Connection
We will now test the connection to make sure it works, also using FileZilla, since it can be used to connect via FTP as well as SFTP.
- Make sure FileZilla has disconnected from the machine.
- The host a and the user b are both the domain name, in this case my-brilliant-site.com. The password c is the contents of the
ftp-passwordfile and for FTP the port number must be set to 21, d.
- Once you connect you’ll notice that you only have access to directories beneath the
public/directory (here represented as “/”) of themy-brilliant-site.com/directory tree, which is all you’d need if your role was limited to maintaining or setting up a web site.
Setting FTP quotas
It is possible to limit the amount of data that can be kept in a domain’s public/directory using an FTP quota. This is done by creating a file inside the domain’s config/directory called ftp-quota. Inside this file should be a number of bytes at which the quota is set.
The number can have a suffix of k, M, G, or T representing kilo-, mega-, giga-, or terabytes respectively.
For example, to prevent the author of my-brilliant-site.com from putting more than 150MB inside their public/ directory, create a file called /srv/my-brilliant-site.com/config/ftp-quota with the contents 150M. This will limit their space usage to 150,000,000 bytes.
Note: Please be aware that the FTP quota will include all log data from the web-server in
public/logs/, as well as the automatically generated statistics inpublic/htdocs/stats/.
Configuring multiple users for one domain
The ftp-password file will set up just one user for the whole domain. If you would like more fine-grained control over who can access what, then you can use the ftp-users file.
This section describes how to set up distinct per-domain FTP/FTPS users. Where with the ftp-password setup you may have logged in with a user like:
my-brilliant-site.com
With this method you can have many users, of the form:
bob@my-brilliant-site.com
alice@my-brilliant-site.com
charlie@my-brilliant-site.com
Users can be limited to specific directories, and quotas imposed on each, so bob@my-brilliant-site.com may be limited to eg, htdocs, which works out as /srv/my-brilliant-site.com/public/htdocs. These domain-based users do not have SSH/SFTP access.
Each user is defined using four fields, added to /srv/my-brilliant-site.com/config/ftp-users:
- username (just the bit before the
@sign); - password (can be in plain text or hashed);
- directory (limited to directories in
/srv/my-brilliant-site.com/public); - quota (in the same format described above).
Configuration for giving bob access and a quota of 10 megabytes will look like so:
bob:your-password-here:htdocs:10M
This can be done for any number of users – all are specified in the same ftp-users file. In this example, Bob would log in with the FTP username of bob@my-brilliant-site.com and the password your-password-here, and he would only have access to /srv/my-brilliant-site.com/public/htdocs, which would be limited in size to 10 megabytes of data.
You are currently viewing Symbiosis user documentation. Symbiosis also has a comprehensive technical reference manual.