ProFTPd Automated Home Dir Creation

I had a requirement to restrict who could log into an FTP server, to automatically create their home directory – but in a different directory that's set in LDAP – with the correct permissions, and then to chroot them into here. ProFTPd with mod_ldap happened to be the answer, although it took a little bit of fiddling to get the right settings, as below:

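        # LDAP server, plus the search base and filter used to authenticate users
        LDAPServer ldap.example.com
        LDAPDoAuth on "ou=people,dc=example,dc=com" "(&(uid=%v)(objectclass=posixAccount))"
        LDAPDoUIDLookups on "ou=people,dc=example,dc=com"
        # Create a missing home directory at login, with mode 755
        CreateHome on 755
        # Build the home directory from this prefix plus the username,
        # overriding any homeDirectory attribute in LDAP
        LDAPGenerateHomedir on
        LDAPGenerateHomedirPrefix /path/to/base/dir
        LDAPForceGeneratedHomedir on
        # Do not require the user's shell to be listed in /etc/shells
        RequireValidShell       no
        # chroot each user into their own home directory
        DefaultRoot ~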

You can easily set this to autogenerate the home directory from the homeDirectory attribute in LDAP by removing the LDAPGenerateHomedirPrefix and LDAPForceGeneratedHomedir lines. See the docs for more details on the directives.
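
A check to run against the base directory once users have started logging in, added here as an example and not part of the original post: it flags any entry under the `LDAPGenerateHomedirPrefix` path that is not what `CreateHome on 755` would have created, namely a symlink, a non-directory, or a directory that is group- or world-writable. The function name `audit_homes` and its output labels are made up for this illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: audit_homes /path/to/base/dir
# Prints one finding per line; returns 1 if anything was flagged, else 0.
audit_homes() {
    base=$1
    findings=0
    for entry in "$base"/*; do
        # Skip the unexpanded glob when the base directory is empty.
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        name=${entry##*/}
        if [ -L "$entry" ]; then
            # With DefaultRoot ~, a symlinked home would move the chroot
            # to wherever the link points.
            echo "SYMLINK $name"
            findings=1
        elif [ ! -d "$entry" ]; then
            echo "NOT_DIR $name"
            findings=1
        elif [ -n "$(find "$entry" -maxdepth 0 \( -perm -020 -o -perm -002 \))" ]; then
            # Mode 755 has neither the group nor the other write bit set.
            echo "WRITABLE $name"
            findings=1
        fi
    done
    return $findings
}
```

The non-zero return value makes it usable from cron or a monitoring check; entries whose names start with a dot are not matched by the glob and so are not inspected.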
