How to run uFTP - FTP server with a non root account
In this section we are going to cover a specific use case: how to run uFTP - FTP server without the root access. This use case is useful for who needs to run a FTP server on some embedded devices which do not allow root accounts or for some applications to grand more safety.
To run an FTP server as a non root user the 1st step is to: Change the default FPT port 21 to be above 1024, for instance port 2000 will work. This change is needed because Linux doesn't allow non root processes to use standard ports due to security reasons.
To change the default uFTP server port just edit in the configuration file the following section:
#TCP/IP PORT SETTINGS (DEFAULT 21) FTP_PORT = 2000
Feel free to change FTP_PORT with the one you prefer with a port number > 1024.
The second step is that the config file should be copied in the same directory of the binary file.
The 3rd step is to disable settings which are requiring root access, change the configuration part like above:
SINGLE_INSTANCE = false #Allow only one server instance (true or false) DAEMON_MODE = false #Run in background, daemon mode ok
By disabling single instance check and daemon mode uFTP will avoid using restricted permission kernel calls.
The next step is to set the user config accordingly in the configuration file:
In the user section of the config file set the configuration to match GROUP_NAME_OWNER_X and USER_NAME_OWNER_X to the user that will execute the server.
For instance if your user is pluto and group pippo:
#USERS #START FROM USER 0 TO XXX USER_0 = plutoftp PASSWORD_0 = plutosecretpassword HOME_0 = /home/pluto/ GROUP_NAME_OWNER_0 = pluto USER_NAME_OWNER_0 = pluto
The final step, if you need logs for debug purpose is to change the log location to be located in a folder writable by the user:
Example below:
# Folder where to save the logs, use the same format below, the folder must terminate with / LOG_FOLDER = /home/pluto/uFTP/logs
After all these changes you can execute uFTP with the terminal or with any other script logged as the non root username.