FTP server setup for your friends
I wanted to set up a simple FTP (sFTP) server for friends to share files without needing to use cloud storage or hosting sites. After some research I found the simplest solution and I wanted to document it here.
Setting Up the FTP Server
You will need a VPS, this is where the FTP server will be hosted on. OpenSSH should already be installed on it. Create a new group and a folder where the FTP server will be.
# groupadd ftp
# mkdir -p /opt/ftp
Configure /etc/ssh/sshd_config to allow users of the ftp group to login with their password. They will be jailed in the /opt/ftp folder and not go outside of it to explore the rest of the filesystem.
Match group ftp
ChrootDirectory /opt/ftp
X11Forwarding no
AllowTcpForwarding no
PasswordAuthentication yes
ForceCommand internal-sftp
Remember to restart the SSH daemon.
Adding the User
Create a user for your friend, add them to the ftp group and disallow shell access.
# useradd -g ftp -d /opt/ftp/FriendlyUser -s /sbin/nologin FriendlyUser
/opt/ftp needs to be owned by root, but inside of it create the home folder for the friend if it does not exist and change ownership.
# mkdir -p /opt/ftp/FriendlyUser
# chown FriendlyUser:ftp /opt/ftp/FriendlyUser
Permissions should be 755 if not already. This means that the owner can modify the content, but other members of the ftp group can only view (and download) content, not modify it.
Connecting
Your friend can connect through their preferred FTP client, for example WinSCP (Windows) or FileZilla (cross-platform).