Monthly Archives: September 2007

ProFTPd Automated Home Dir Creation

I had a requirement to restrict who could log into a ftp server, to automatically create their home directory – but in a different directory thats set in LDAP – with the correct permissions, and then to chroot them into here. ProFTPd with mod_ldap happened to be the answer, although it took a little bit of fiddling to get the right settings, as below:

        LDAPDoAuth on "ou=people,dc=example,dc=com"
        LDAPDoUIDLookups on "ou=people,dc=example,dc=com"
        CreateHome on 755
        LDAPGenerateHomedir on
        LDAPGenerateHomedirPrefix /path/to/base/dir
        LDAPForceGeneratedHomedir on
        RequireValidShell       no
        DefaultRoot ~

You can easily set this to autogenerate the home directory from the homeDirectory attribute in LDAP by removing the LDAPGenerateHomedirprefix and LDAPForceGeneratedHomedir lines. See the docs for more details on the directives.