Introduction
Backing up a web server with FTP is a popular choice. However, it's hazardous to give the web server delete access because unauthorized users could delete the backups. This guide demonstrates how to configure vsftpd
, a popular FTP server, to deny delete access. The web server and FTP server are physically separate in different datacenter locations. This guide uses WordPress and UpdraftPlus, a popular backup plugin, but you can substitute any server and backup method that uses FTP to upload files. The FTP server configuration is the important factor in this example.
Prerequisites
- Install a One-Click WordPress app.
- Install the UpdraftPlus backup plugin in WordPress.
- Install a Rcs Ubuntu 20.04 LTS server, preferably in a different location than WordPress, as the FTP backup server.
Install vsftpd
SSH to the FTP server as root.
Install vsftpd.
# apt install vsftpd
Create a user for FTP backups. Choose a strong password.
# adduser ftp-user
Edit the vsftp configuration.
# nano /etc/vsftpd.conf
Uncomment the following lines to allow ftp-user to login and create files.
local_enable=YES write_enable=YES
Add the following line to deny file deletes.
cmds_denied=DELE
Restart the vsftpd service.
# systemctl restart vsftpd
This completes the FTP server setup. The ftp-user account uploads files to /home/ftp-user
.
Configure UpdraftPlus Backups
Navigate to the UpdraftPlus setup screen on your web server.
https://www.example.com/wp-admin/options-general.php?page=updraftplus
Click the Settings tab.
In the Choose your Remote Storage section, click the FTP icon.
In the FTP configuration section, enter the server, login, password, and remote path. For example:
- FTP server: example.com
- FTP login: ftp-user
- FTP password: YourStrongPassword
- Remote path: /home/ftp-user
Click the Test FTP Settings button. Verify the test is successful.
Click the Save button at the bottom of the page.
Test the Backup System
Navigate to the UpdraftPlus backups page.
https://example.com/wp-admin/options-general.php?page=updraftplus
Click the Backup Now button.
Choose your backup options from the popup and start the backup.
SSH to the FTP server as root.
Check the backup folder.
# ls /home/updraft-user
Verify the new backup exists. It usually consists of several files.
On the UpdraftPlus backup page, click the Delete button next to the new backup.
Select the option Also delete from remote storage in the popup confirmation.
When finished, the web console shows that UpdraftPlus deleted the backup. However, if you check the FTP server, the files are still there, because the FTP server ignored the delete command.
# ls /home/updraft-user
On the UpdraftPlus backup page, click the Rescan remote storage link. UpdraftPlus discovers the backup files still exist and adds them back to the list.
Conclusion
This configuration prevents a website attacker from deleting your backups. However, there is a trade-off between convenience and security. As a side effect, UpdraftPlus can no longer automatically expire old backups. You may need to configure an expiration task on the FTP server.