Setting the FTP User Account

FTP has been the target of attacks from hackers. You need to be careful while configuring FTP. FTP users should not be given the shell account for security reasons. You should not allow FTP users to execute all the tasks that normal users on your Linux system can perform. This section provides the steps you need to follow to create new FTP users.

Start by creating new users in the /etc/passwd file. To do this, execute the following commands:

# mkdir /home/ftp
# useradd -d /home/ftp/ftpuser2/ -s /dev/null
# passwd ftpuser2

The mkdir command creates the /home/ftp directory. This directory will contain all FTP users' home directories. Next, use the useradd command to add a new user ftpuser2 to the server. You set the password for ftpuser2 by using the passwd command.

The next step is performed to limit the access of FTP users on your system. To do this, you need to edit the /etc/shells file as follows:

/bin/bash
/bin/sh
/bin/ash
/bin/bsh
/bin/tcsh
/bin/csh
/dev/null

Notice the last statement, /dev/null. This statement will add a non-existent shell. Next, you need to edit the /etc/passwd file. The original entry for the ftpuser2 user is in the /etc/passwd file is shown here:

The above entry should be modified as follows:

The preceding modification needs to be done for every user on a system that requires FTP access. After you have the above modifications, a fake shell is created for the FTP users, limiting their access to the system.