How can I create read-only FTP access for user on Apache server?

Question

I have a web site with lots of pages of photography. In order to allow visitors to download groups of photos without having to save each one individually, I want to create a read-only FTP user that will be publicly available.

Via the control panel for the host, I can create "regular" FTP user accounts, but they have write access, which is unacceptable.

Since there are several domains and subdomains hosted on the same server I don't want to use anonymous FTP -- the read-only FTP account should be restricted to a specific directory/sub-directories.

If possible, I would also like to know how to exclude specific directories from the read-only FTP access I grant to this new user.

I've looked all over on the server to find where user account info is stored to no avail. Specifically I looked in httpd.conf, and found LoadModule proxy_ftp_module modules/mod_proxy_ftp.so, but I don't know how to go about working with it (or if it's even relevant).

Answer 1

It seems like your reason for using FTP is to let people download many photographs at once. You can just serve links to zip files too, using standard Apache HTTP access control. This way the specific risk of people deleting or overwriting your files, which you mentioned, is eliminated by using plain HTTP.

You can make one directory to provide an index of the zip files to download

<Directory /var/www/photos/>
    Order allow,deny
    Allow from all
    Options Indexes
</Directory>

And apply standard permissions to the rest of your directories

# your file system is off limits 
<Directory />
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

DocumentRoot /var/www/

# the rest of your content.
<Directory /var/www/>
    <LimitExcept GET POST>
        deny from all
    </LimitExcept>

    Order allow,deny
    Allow from all
    Options None
</Directory>