|**OS type and version: Ubuntu 18.04 LTS → Moving on to 20.04 over the weekend.|
|**Webmin version: 1.981|
|Virtualmin version: 6.17-3|
|**Related products version: 1.35|
I have got an urgent production issue, plus as I am a Virtualmin Pro member, I believe I can get a personalised response ASAP rather than waiting for someone in the forum to answer it.
Also, if you can make this ticket private it will be really helpful as I believe I will have to share my IP address etc. Can you please confirm once the ticket is private the details of the ticket cannot be accessed by anyone in the wider forum - not even after 2-5-10 years.
Coming to the issue:
We have started working on slightly bigger projects wherein we need to use developers from different locations (sometimes from outside the countries as well). Generally, these developers are contractors, so as you can imagine, the safety and security of our system is very important.
We, therefore, want to give them FTP access so that they can do their piece of coding or edit the existing code and then upload it on the server but in a restricted manner, for example, we would like to control which folder they can access, what exactly they can do like: edit and update files but not delete files and so on.
These developers generally use FileZilla or WinSCP as FTP clients.
I looked at a few articles on the forum and tried creating users in Webmin->System->Users and Groups", also tried using “website FTP access user”, tried giving access permission, tried making changes to ProFTPD and a few other stuff like changing shell “/bin/sh” and “/bin/false” but so far nothing has worked. TBH it almost took the website down saying, I am not authorised to access this resource as htaccess file seems to be is under attack - something like that. I had to do everything to get the website back.
So can you please help me set up a controlled FTP access to developers (who are not employees)? I am fairly new to Virtualmin (using it for just above 1 year and learning from different sources), so I will need step by step instruction with menu location (like: Webmin->System->Users and Groups")
Also, once this is all done, can you please suggest if we should give them ask them to come over to our system over a VPN and access FTP using our local IP (192.168) or should I ask them to use our public IP address? Which option will be more secure for us as a company - less abused, especially if contractors share the data with other people who are not authorised to have it.
I hope I have provided all the information, but if you need anything else, please do not hesitate to contact me.