This manual explains how to run an SFTP server on which the users set their own passwords.
I'm running a small FTP server using the SFTP functionality provided by OpenSSH.
Because I don't want to know the users' passwords, I came up with a way to give users an interface for setting the password of their own account.
Warranty
- create 2 groups:
groupadd ftpusers && groupadd preftpusers
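- add the following block to the sshd_config:
Match Group ftpusers
    AllowAgentForwarding no
    AllowTcpForwarding no
    # The chroot directory must be owned by root and not writable by group or others.
    ChrootDirectory %h
    ForceCommand internal-sftp
    MaxAuthTries 3
    MaxSessions 5
    PasswordAuthentication yes
    PermitRootLogin no
    PermitTunnel no
    X11Forwarding no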
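- create the script ftpusers.sh (it has to run as root because it calls usermod):
#!/bin/bash
# Moves users from preftpusers to ftpusers once they have set their password.
SCRIPT="$(basename "$0")"
FIFOFILE="/tmp/${SCRIPT}.fifo"
FTPGROUP="ftpusers"
PREFTPGROUP="preftpusers"
function cleanup () {
    rm -f "${FIFOFILE}"
    trap - INT TERM EXIT
}
trap 'cleanup && exit 0' INT TERM EXIT
# The FIFO is writable by every local user (mode 622), so every line read from it is untrusted input.
mkfifo -m 622 "${FIFOFILE}" || exit 1
exec 30<> "${FIFOFILE}"
while true
do
    while read -r <&30
    do
        user="${REPLY}"
        echo "$(date) ${user}"
        # Accept only plain account names, so a line cannot inject options or extra arguments.
        # The pattern is an assumption; adjust it if your account names look different.
        [[ "${user}" =~ ^[a-z_][a-z0-9_-]*$ ]] || continue
        groups=( $(id -Gn "${user}" 2>/dev/null) )
        [[ ${#groups[@]} -eq 0 ]] && continue
        # Promote only users who are in preftpusers and not yet in ftpusers.
        if ! grep -qxF -- "${FTPGROUP}" <(printf '%s\n' "${groups[@]}") &&
             grep -qxF -- "${PREFTPGROUP}" <(printf '%s\n' "${groups[@]}")
        then
            usermod -g "${FTPGROUP}" -s /bin/false "${user}"
        fi
    done
done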
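- create the script ftpfirstlogin.sh (the login shell of new users):
#!/bin/bash
# Force the user to set a password, then report the user name to ftpusers.sh through its FIFO.
passwd || exit 1
echo "${USER}" > /tmp/ftpusers.sh.fifo 2>/dev/null || exit 1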
- create a user and set an initial password:
useradd -s /path/to/ftpfirstlogin.sh -g preftpusers <username> && passwd <username>
- start the script:
bash /path/to/ftpusers.sh
or if you want to use the init-script just run:
/etc/rc.d/ftpserver start
Just remove the user from the group ftpusers.
usermod -g preftpusers -s /path/to/ftpfirstlogin.sh <username>
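To check that accounts really are in one of the two states this procedure intends (ftpusers with /bin/false, preftpusers with the first-login script), the following audit can be run over passwd- and group-format files. It is an added example, not part of the original manual; the function names, the sample accounts and the wording of the findings are constructed for illustration, and supplementary group membership is counted as well because sshd's Match Group also matches it.

```shell
#!/bin/bash
# Added example (not from the manual): audit accounts for the
# ftpusers/preftpusers workflow. FIRSTLOGIN is the manual's placeholder path.
FIRSTLOGIN="/path/to/ftpfirstlogin.sh"

# audit_ftp_accounts PASSWD_FILE GROUP_FILE
# Prints "user: finding" for every account whose login shell does not match
# its group; prints nothing when all accounts are consistent.
audit_ftp_accounts () {
    awk -F: -v first="${FIRSTLOGIN}" '
        FNR == NR {                      # first file: group(5) format
            if ($1 == "ftpusers" || $1 == "preftpusers") {
                gid[$1] = $3
                n = split($4, m, ",")    # supplementary members
                for (i = 1; i <= n; i++) member[$1, m[i]] = 1
            }
            next
        }
        {                                # second file: passwd(5) format
            ftp = (("ftpusers" in gid) && $4 == gid["ftpusers"]) || (("ftpusers", $1) in member)
            pre = (("preftpusers" in gid) && $4 == gid["preftpusers"]) || (("preftpusers", $1) in member)
            if (ftp && pre)
                print $1 ": in both ftpusers and preftpusers"
            else if (ftp && $7 != "/bin/false")
                print $1 ": in ftpusers but shell is " $7
            else if (pre && $7 != first)
                print $1 ": in preftpusers but shell is " $7
        }
    ' "$2" "$1"
}

# Constructed sample data (not real accounts): writes DIR/passwd and DIR/group.
write_sample () {
    cat > "$1/group" <<'EOF'
ftpusers:x:2001:dave
preftpusers:x:2002:
EOF
    cat > "$1/passwd" <<'EOF'
alice:x:1001:2001::/home/alice:/bin/false
bob:x:1002:2002::/home/bob:/path/to/ftpfirstlogin.sh
carol:x:1003:2001::/home/carol:/bin/bash
dave:x:1004:2002::/home/dave:/path/to/ftpfirstlogin.sh
EOF
}

demo_dir="$(mktemp -d)"
write_sample "${demo_dir}"
audit_ftp_accounts "${demo_dir}/passwd" "${demo_dir}/group"
rm -rf "${demo_dir}"
```

On a live system the same function can be pointed at /etc/passwd and /etc/group after setting FIRSTLOGIN to the real script path.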