How to give FTP access to contractors/developers

Hi @Joe @staff @andreychek, @andreychektest (Tagging you to get some urgent traction)

I have got an urgent production issue, plus as I am a Virtualmin Pro member, I believe I can get a personalised response ASAP rather than waiting for someone in the forum to answer it.

Also, if you can make this ticket private it will be really helpful as I believe I will have to share my IP address etc. Can you please confirm once the ticket is private the details of the ticket cannot be accessed by anyone in the wider forum - not even after 2-5-10 years.

Coming to the issue:
We have started working on slightly bigger projects wherein we need to use developers from different locations (sometimes from outside the countries as well). Generally, these developers are contractors, so as you can imagine, the safety and security of our system is very important.

We, therefore, want to give them FTP access so that they can do their piece of coding or edit the existing code and then upload it on the server but in a restricted manner, for example, we would like to control which folder they can access, what exactly they can do like: edit and update files but not delete files and so on.

These developers generally use FileZilla or WinSCP as FTP clients.

I looked at a few articles on the forum and tried creating users in Webmin->System->Users and Groups", also tried using “website FTP access user”, tried giving access permission, tried making changes to ProFTPD and a few other stuff like changing shell “/bin/sh” and “/bin/false” but so far nothing has worked. TBH it almost took the website down saying, I am not authorised to access this resource as htaccess file seems to be is under attack - something like that. I had to do everything to get the website back.

So can you please help me set up a controlled FTP access to developers (who are not employees)? I am fairly new to Virtualmin (using it for just above 1 year and learning from different sources), so I will need step by step instruction with menu location (like: Webmin->System->Users and Groups")

Also, once this is all done, can you please suggest if we should give them ask them to come over to our system over a VPN and access FTP using our local IP (192.168) or should I ask them to use our public IP address? Which option will be more secure for us as a company - less abused, especially if contractors share the data with other people who are not authorised to have it.

I hope I have provided all the information, but if you need anything else, please do not hesitate to contact me.

Many Thanks,
Ravi

@raviktiwari,

First off, if you want the quickest response from the Virtualmin team, you should send a private message (from what I understand) to @staff

This will get sent to all the available staff. By sending as a “private message” you are also protecting your privacy if the topic is sensitive in nature, otherwise feel free to post in the forums normally and either someone like myself or the team will eventually address the matter.

@raviktiwari,

There are a lot of ways to accomplish this task.

1. You could simply create extra users for the domain and give them access this way.

2. You could implement a version control system like “git” or use “github” whereas you could control which version of the code goes live, and I believe these systems also keep historical data not to mention offer permission controls to prevent misuse by team members.

3. You could implement a “sandbox” environment and let them work with that, then capture a snapshot from it, audit the code, and when happy implement it in the live environment.

Those are just a few ideas to hopefully assist you in accomplishing your task.

Agreed and that is exactly what I wanted to do - send it privately and send it to Pro team rather than to an open forum.

But have no clue how to achieve that. I even googled it but could not find anything relevant.

Can you please help and let me know how I can do that, please?

Thx: Rav

Again very high-level solution - I have tried all this and nothing works. I need some actionable response for me to try and then I might need some handholding as well.

Thx: Ravi

@raviktiwari,

https://www.virtualmin.com/documentation/

Read, read, read… if you still can’t figure something out… Ask, ask, ask…

It’s important to know, Virtualmin does help you accomplish many many things easier and faster with less errors, but there are things, basic things you still should be familiar with in the Linux and hosting world to succeed.

I would spend more time giving you detailed step by step instructions, however there are two problems.

1. ATM time, I’m presently assisting someone with some stuff so I’m just sending quick responses between tasks and cannot dedicate as much time as I’d like to this task.

2. Giving the wrong answer based on a misunderstood question. I don’t want to steer you the wrong way based on a misunderstanding of what you are looking to accomplish.

I understand that and appreciate your effort.

But as a paying customer, I am eligible for Pro service. Can you please let me know how I can assign my tickets to the Professional team so that people like Joe, andreychek, Jamie can help me accordingly?

Also, can you please let me know if my ticket is available in an open public forum or is it with the Pro team? I have tried a few things but I still have no idea where I stand.

And last but not the least, can you please let me know how I can change my ticket to private - after I have opened the ticket as public and can I do this at the time of opening the ticket itself, so that the ticket is opened as private rather than changing it later.

Thx: Rav

@raviktiwari,

I sent a message to the team in a PM to let them know you’re seeking assistance. Hopefully you’re able to get the help needed soon. Do keep in mind it is the holidays.

Thanks… I think I need to use @staff to get their attention. I have edited the original post with the same.

Let’s see.

Thanks for your help.

A website FTP access user is what you want to create in this case - he will have access to edit files under public_html via FTP, but nothing else. What goes wrong when you try to create one of these users exactly?

Hi Jamie, I tried that ended up with some 400 error (can’t remember the exact error) and almost lost the entire website.

Had to restore the whole VS to get it back to where it was before the change.

Can you please give me step by step instructions on what to do?

I have multiple domains and for some reason their settings are different. For example, one of the VS root user has got only email and FTP access, whereas for other domains the root user has got email, SSH and FTP access. So why are they different? How can I bring all of them to the same level?

I am happy and rather would like to send you a screenshot of this and other tickets that I have raised. But can you please make my tickets private and assign them to Pro team, so that I can share sensitive details.

Many Thanks,
Ravi

Just adding an FTP access user shouldn’t on it’s own have any effect on the website.

You can send me screenshots directly at jcameron@virtualmin.com

Apologies for the delayed response Jamie.

Got busy with so many other ongoing issues and now this can come back as a pressing needs.

I can’t remember what I did last time but it did not work and it sort of broke the website as well. I had to restore tthe virtual server using backup.

So before I do something stupid, once again, can you please share the guie/steps that I should follow.

Just so you know, I need to give FTP access to outsourced agency so that the can do some updates for SEO purpose (like changing content, images, uploading couple of files and so on).

Also, is it possible that I allow them to add, edit and update but not delete any files? Or do you think (just like me) there is an issue with this logic?

Many Thanks,
Ravi

The right method is to select the domain from the left menu, click on Edit Users, then click “Add a website FTP access user”

Hi Jamie,

It is still not working. But before I can share more details, can you please move this ticket out from a generic forum onto a support ticket (we are paid pro members), so that I can share personal details like: domain name, database name, screenshots etc.

Don’t forget to share the new URL or access point after conversion so that I can still access it.

Many Thanks,
Ravi

@raviktiwari,

Send private message to @Jamie rather then a forum post. Click his name then the message icon.

Thanks, but is that the only way to get the ticket assigned correctly?

Let me give you some background and what I want?

I pay every month via direct debit so that I can get support and other benefits that come with it but I don’t use any other benefits other than the support part. (Let’s leave that for another time). As we have now promoted Virtualmin in Prod environment at times we need support and need it pretty urgently and so I come here.

Now, when I post my query, I am more than willing to share system details but only to the right people and not open in the public. And from there all communication between me and the support folks like Jamie, Joe, Illia etc. should be a private conversation between me and them.

In the older version of the Virtualmin forum (before it got refreshed) there was an option to do that, but not sure how to do that now. Tagging was and is still an option, but that’s a workaround just to get attention from someone you want to, but that is not the way to assign a ticket to the support queue.

Because if I am supposed to get an answer from the forum and get it in the next 1-2 days, then there is no point in me being a paid member, the community version still works fine.

Any idea, how can I do that. I might have started the process wrong and if that is the case, I am happy o close the ticket in the open forum and start a new ticket that can go straight to the support queue.

Thx: Ravi

@raviktiwari,

Private messages to either one of the staff or to @staff which reaches all 4 should suffice for your needs.

I’m not even sure if the issue tracker is still around since the transition to WordPress, though @Jamie who has been conversing here would be able to clarify that and your question.

*** Sent from the recovery ward of Surrey Memorial Hospital, British Columbia, Canada ***

Fair enough, but if that is the case then that means I cannot share any sensitive information. Right? Because even though I can reach staff by tagging them, my query with all sensitive information will be available in the open for people to play with. Right?

So do we have a gap now? A massive one?

P.S: You don’t have to respond mate, look after yourself, that is more important than anything else in the world.

@staff @Jamie just so you know I tried using “Add a user to this server”, “Add a website F|TP access user” and also tried to “Edit New User Default” where I gave permission to create email and FTP access at the same time and then created a new user using “Add a user to this server”

All attempts lead to grand failure. Any idea, what I can do next?

P.S: I am still waiting for info on how I can convert my message Private so that I can share details around domain, virtual server, screenshot etc.

Thx: Ravi