Joe, Jamie, andreychek: you should seriously consider making SFTP the default file transfer technology in Virtualmin:
- FTP(S) requires a big range of high ports to be opened - that implies you don’t have a firewall anymore; or you have to use something like ftp_conntrack in iptables, but if you have a different firewall in FRONT of the server, that doesn’t help you anymore; and if you are using FTPS, the firewall can’t really listen for FTP traffic to open ports (it is encrypted). Yeah, I know: CCC, but I’d rather not trust that all the firewalls I put in front of my server (just for fun) work with that, because they don’t. So FTPS is difficult for most people to configure. And FTP sends everything in plain text. Never mind that it was designed in the '70s…
- WebDAVS for me sucks big time, as you have to loosen the rights on directories, and my permissions are always maximum 755 for folders and 644 for files with the proper uid/gid. This is a no-no, mostly because that’s what keeps a web server working: not letting scripts influence other virtual servers/directories/files. It seems to me like a serious security issue; that’s how mass defaces are done. And I decided not to use it. But WebDAVS is still cool, as you might use it in just one directory, …/public_html/Owncloud for example.
- “FTP over SSH” - this shouldn’t be used; in fact you are logging in via SSH, on the same port used by SSH, and yes, it is difficult to configure for every user and group; in fact it is better to disable this function in SSH, so that the ones who log in via SSH aren’t able to use it!
- SFTP “Secure File Transfer Protocol” as the SFTP module for ProFTPD; the FTP server (ProFTPD) can be configured (easily) to use SFTP, on a DIFFERENT port from SSH and FTP or FTPS; there are no problems here, as it respects the way (FTP or FTPS) it was working, including user access and rights! The users are jailed in their homes, at least it works for me; and you can’t believe how simple it is to achieve that. If someone thinks that the users CAN’T BE JAILED, please post here: how/why/setup/conditions. BTW, you can’t log in from a terminal here; I guess somehow you don’t get a shell? Which is uber-ok.
So SFTP is the only thing we should use. I hope some more people agree with me, and that you will consider this. It requires only one port (different from SSH; in fact SFTP must be disabled in SSH, and SFTP configured as a module in ProFTPD, so the users are not seeing the root (default SSH behavior), but their home, like in ProFTPD; no configuration of “FTP over SSH”, which is a nightmare in a hosting environment; it’s just ProFTPD making good use of SSH and a nice protocol), firewalls are left intact and/or no stupid modules in iptables, everything secured, and so on.
After I got it working I was thinking “why the hell are we still using FTP(S)”??? And it works with keys or passwords.
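
The setup described in the post above, sketched as a ProFTPD `mod_sftp` configuration. This is an added example, not part of the original post and not Virtualmin's own configuration; the file paths, the listen address and port 2222 are assumptions.

```apache
# /etc/proftpd/conf.d/sftp.conf  (assumed path; adjust to your distribution)
<IfModule mod_sftp.c>
  # Dedicated listener; 0.0.0.0 (all IPv4 addresses) is an assumed value
  <VirtualHost 0.0.0.0>
    # Speak SFTP (the SSH2 file transfer subsystem) instead of FTP here
    SFTPEngine on

    # One TCP port only, different from sshd (22) and FTP (21).
    # 2222 is an assumed value; this is the only port the firewall must allow.
    Port 2222

    SFTPLog /var/log/proftpd/sftp.log

    # Reusing sshd's host keys is an assumption; dedicated keys work as well
    SFTPHostKey /etc/ssh/ssh_host_rsa_key
    SFTPHostKey /etc/ssh/ssh_host_ecdsa_key

    # Keys or passwords, as the post mentions
    SFTPAuthMethods publickey password

    # Per-user public keys, kept outside the user's home.
    # mod_sftp expects RFC 4716 format: ssh-keygen -e -f id_rsa.pub
    SFTPAuthorizedUserKeys file:/etc/proftpd/authorized_keys/%u

    # Jail every user in their own home directory
    DefaultRoot ~

    # Transfer-only accounts do not need a login shell listed in /etc/shells
    RequireValidShell off
  </VirtualHost>
</IfModule>

# Companion change in /etc/ssh/sshd_config (not a ProFTPD directive):
# comment out the "Subsystem sftp ..." line and reload sshd, so that SFTP is
# offered only by ProFTPD on the port above and not by sshd on port 22.
```

After reloading ProFTPD, connecting with `sftp -P 2222 user@host` and running `pwd` should show `/` for the jailed home directory.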