FTP Access

Configuration

  • Enable FTP service in Control Panel –> File Services
  • Set the required passive ports in Use the following port range
  • Enable Change user root directories in Advanced Settings, then Select User –> Add to add the user and restrict him to his home or a shared folder
  • Do not forget to add Application Privileges in Control Panel –> User for the users you want to allow FTP access

Hardening

As FTP is not a safe protocol, I strongly recommend to harden access to the server with the following measures.

  • Do not allow any user FTP access. Instead, create a dedicated ftp user (e.g. <ftpuser>), and restrict this user to his home directory.
  • As every user is mandatory member of group <users>, you need to allow the group FTP application permission. Deny FTP application permission for every user except <ftpuser>.
  • Deny all access permissions and all application permissions except FTP for <ftpuser>.
  • Add <ftpuser> in Advanced Settings under Control Panel –> FTP and select user home.

Applications for FTP