Creating FTP users on Linux

Sorry, I didn’t know where to post this, but here’s my question: How do I create FTP Users on Linux?
How do I go about doing that? Support for my host said:

You will need to connect to this server via SSH or Telnet then SU to root. Once you have done that, you will create users, etc via the standard methods used in RedHat Linux 7.2. For further assistance you will need to either referenced a book on RedHat 7.2 or check RedHat’s website.

Some help they were :rolleyes:
Yes, we do have a dedicated server.
I want to create FTP users with limitations:

  1. They can only upload to a certain directory, which I specify. They can however, create directories within that directory.
  2. They cannot upload files of specified types. I don’t want them uploading .cgi, .php, .htaccess, etc.

Can someone point me in the right direction? Thanks.

um, can i ask a question? Why did someone move this thread into unix/linux servers under WEBHOSTING? This is NOT a webhosting question. I didn’t post the thread in here because everything in here seems to be about webhosting and stuff. And this is NOT about webhosting.

I just want to know how to do something.

Perhaps you should have a FTP/Telnet/SSH forum, because that is where my thread belongs IMHO.

Sorry, just had to say so.

Yeah, it’s never easy to work out the most precise and still all encompasing taxonomy of web related topics that will cover every situation. But this forum is for discussing of unix/linux web server issues. And you have a redhat linux server right? And it is a remotely hosted web server right? … So this forum is for discussing these type of linux web server admin and related issues. This is a new forum category, and the web hosting categories were split up only recently. Thus, I think it will take some time for members to find the new forums and grok the new categories. However, while they do overlap, sysadmin and programming are two seperate areas and these issues are best dealt with here rather than in the programming forums which is where they often have been discussed in the past.

As for having a telnet/ssh/ftp forum, sure and we could have a forum for MTAs (mail transport agents); one for Bind DNS name server (named); one for Zeus web server; and so on…

Anyway, OK, well generally your system users can ftp to the server, specifically their home directory. However, you may configure ftp servers such as proftp to use “virtual” users rather than system users - but as your host is implying that you should create system users, we will stick with this method. The command line program you need to use is useradd which funny enough on linux can also be accessed as adduser - nice to know that the dyslexic are catered for.


       useradd - Create a new user or update default new user information

       useradd [-c comment] [-d home_dir]
               [-e expire_date] [-f inactive_time]
               [-g initial_group] [-G group[,...]]
               [-m [-k skeleton_dir] | -M] [-p passwd]
               [-s shell] [-u uid [ -o]] [-n] [-r] login

       useradd -D [-g default_group] [-b default_home]
               [-f default_inactive] [-e default_expire_date]
               [-s default_shell]

   Creating New Users
       When  invoked  without  the  -D  option, the useradd command creates a new user
       account using the values specified on the command line and the  default  values
       from the system.  The new user account will be entered into the system files as
       needed, the home directory will be created, and initial files copied, depending
       on the command line options.  The version provided with Red Hat Linux will cre­
       ate a group for each user added to the system, unless -n option is given.   The
       options which apply to the useradd command are

       -c comment
              The new user's password file comment field.

       -d home_dir
              The  new user will be created using home_dir as the value for the user's
              login  directory.   The  default  is  to  append  the  login   name   to
              default_home and use that as the login directory name.

       -e expire_date
              The date on which the user account will be disabled.  The date is speci­
              fied in the format YYYY-MM-DD.

       -f inactive_days
              The number of days after a password expires until the account is  perma­
              nently disabled.  A value of 0 disables the account as soon as the pass­
              word has expired, and a value of -1 disables the feature.   The  default
              value is -1.

       -g initial_group
              The  group  name or number of the user's initial login group.  The group
              name must exist.  A group number  must  refer  to  an  already  existing
              group.  The default group number is 1.

       -G group,[...]
              A list of supplementary groups which the user is also a member of.  Each
              group is separated from the next by a comma, with no intervening whites­
              pace.   The  groups  are  subject  to the same restrictions as the group
              given with the -g option.  The default is for the user to belong only to
              the initial group.

       -m     The  user's  home  directory  will be created if it does not exist.  The
              files contained in skeleton_dir will be copied to the home directory  if
              the  -k  option is used, otherwise the files contained in /etc/skel will
              be used instead.  Any directories contained in skeleton_dir or /etc/skel
              will  be created in the user's home directory as well.  The -k option is
              only valid in conjunction with the -m option.  The  default  is  to  not
              create the directory and to not copy any files.

       -M     The  user  home  directory  will not be created, even if the system wide
              settings from /etc/login.defs is to create home dirs.

       -n     A group having the same name as the user being added to the system  will
              be created by default. This option will turn off this Red Hat Linux spe­
              cific behavior.

       -r     This flag is used to create a system account. That is, an user  with  an
              UID  lower  than  value of UID_MIN defined in /etc/login.defs. Note that
              useradd will not create a home directory for such an user, regardless of
              the  default  setting in /etc/login.defs.  You have to specify -m option
              if you want a home directory for a system account to be  created.   This
              is an option added by Red Hat.

       -p passwd
              The  encrypted password, as returned by crypt(3) or an MD5 password gen­
              erator.  The default is to disable the account.

       -s shell
              The name of the user's login shell.  The default is to leave this  field
              blank, which causes the system to select the default login shell.

       -u uid The numerical value of the user's ID.  This value must be unique, unless
              the -o option is used.  The value must be non-negative.  The default  is
              to  use  the  smallest  ID  value greater than 99 and greater than every
              other user.  Values between 0 and 99 are typically reserved  for  system

   Changing the default values
       When  invoked  with  the  -D  option,  useradd  will either display the current
       default values, or update the default values from the command line.  The  valid
       options are

       -b default_home
              The  initial  path  prefix  for a new user's home directory.  The user's
              name will be affixed to the end of default_home to create the new direc­
              tory name if the -d option is not used when creating a new account.

       -e default_expire_date
              The date on which the user account is disabled.

       -f default_inactive
              The  number of days after a password has expired before the account will
              be disabled.

       -g default_group
              The group name or ID for a new user's initial group.   The  named  group
              must exist, and a numerical group ID must have an existing entry .

       -s default_shell
              The  name of the new user's login shell.  The named program will be used
              for all future new user accounts.

       If no options are specified, useradd displays the current default values.

       The system administrator is responsible for placing the default user  files  in
       the /etc/skel directory.
       This version of useradd was modified by Red Hat to suit Red Hat user/group con­

       You may not add a user to an NIS group.  This must  be  performed  on  the  NIS

       /etc/passwd - user account information
       /etc/shadow - secure user account information
       /etc/group - group information
       /etc/default/useradd - default information
       /etc/login.defs - system-wide settings
       /etc/skel - directory containing default files

       chfn(1),  chsh(1),  crypt(3), groupadd(8), groupdel(8), groupmod(8), passwd(1),
       userdel(8), usermod(8)

       Julianne Frances Haugh (

You can view the manual page for any system program yourself by typing man program-name at the command prompt. Eg, man useradd

Now, in terms of configuring your ftp server, you had better tell us exactly which one you are using. For example, lets say you are using proftpd. In this case, to root jail your users into their home directory you place the following directive in your proftpd.conf file:

DefaultRoot ~

As for limiting the file types allowed, this is most do-able, but I don’t know the directives for proftp off the top of my head. In any case consult the documentation, or post back with details of which ftp server you are using and someone may have more specific advice.

Allowing users to mkdir within their home directory should be default behaviour on most ftp servers. You may want to check whether you want to allow your users to chmod their files. In proftpd you can specify this in the default directory directives:

# Normally, we want files to be overwriteable.
<Directory /*>
  AllowOverwrite on
  AllowChmod on

Just one more thing - it’s always a good idea for security to not allow the root user to log into ftp. In proftpd you use the directive:

RootLogin off

Getting back to adding system users. If you do not have any control panel installed on the server, I recommend installing webmin It is a nice open source linux admin control panel and can help you get up to speed with linux admin as it provides a web form interface for things such as managing your system users, configuring your servers such as ftpd, etc.

Originally posted by freakysid
Anyway, OK, well generally your system users can ftp to the server, specifically their home directory. However, you may configure ftp servers such as proftp to use “virtual” users rather than system users - but as your host is implying that you should create system users, we will stick with this method.

Could you tell me more about using proftp and “virtual” users to set up ftp on my server? I have proftp installed, but I don’t know much about administrating a linux web server.

Thank you VERY much freakysid! That was very helpful. FTP is a NcFTPd server. =/

I am going to try it out tomorrow as soon as I get home. Thanks!

help?? :confused:
I don’t know how to “SU to root” and I haven’t been able to find something that shows me how =/

I’m so dumb, sorry. I applied for a Linux class for the summer because I know absolutely nothing about linux. Sorry! :bawling:

psychedelic, you can do the following to su (switch user) to root on a linux box if you have the root password. Login with your regular username/password and from a virtual console under KDE/Gnome/Other Window Manager session or from *tty? using <CTRL> + <ALT> + *<F?>. Now type “su” and hit <Enter>. You wil now be prompted for a password and it should look similar to what I have here:


Type in the root users password, while typing the password the characters may not show up at all, that is ok. After typing in password just hit <Enter> again. If you have the password correct you should now see your prompt change from a “$” ro a “#”. You can also verify you are su’ed to root by isuing the command whoami and hitting enter. The response should simply be “root” and NOT your regular username. When you are done working as rot remeber to type “exit” and <Enter> to “su” back to your user. Also you can hit <CTRL> + <ALT> + <F7> to get back to your Desktop when done if needed. :slight_smile:

*? can be a number from 1 to 6 for the respective tty terminal ie… <F1> for tty1 or <F6> for tty6