Lighttpd share ftp directory

ftpshare.conf

#load auth module
server.modules += ( "mod_auth" )

#auth settings
auth.debug = 2
auth.backend = "htpasswd"
auth.backend.htpasswd.userfile = "/etc/vsftpd.passwd"

#generate auth blocks for each ftp account
include_shell "/etc/lighttpd/ftpshare.sh"

ftpshare.sh

!/bin/sh
#
# - generate lighttpd ftp share configuration -
#
# * Generate auth block from ftp account filedb password.
# * Deny access to directories when no matching ftp account.
#
# Call this script from lighttpd configuration:
#  include_shell "/path/to/script.sh"
#

# script configuration
#
FTP_ROOT="/data/ftp"
FTP_USERS=$(cat /etc/vsftpd.passwd | cut -d':' -f1)
FTP_DIRS=$(find $FTP_ROOT -maxdepth 1 -type d)

# generate auth block configuration
#
printf -- "auth.require = (\n"

# bind valid account
for user in $FTP_USERS; do
        printf -- "\t\"/%s\" => (\n" "$user"
        printf -- "\t\t\"method\" => \"basic\",\n"
        printf -- "\t\t\"realm\" => \"Password protected area\",\n"
        printf -- "\t\t\"require\" => \"user=%s\",\n" "$user"
        printf -- "\t),\n"
done

# bind ftp root share
printf -- "\t\"\" => (\n"
printf -- "\t\t\"method\" => \"basic\",\n"
printf -- "\t\t\"realm\" => \"Password protected area\",\n"
printf -- "\t\t\"require\" => \"valid-user\",\n"
printf -- "\t)\n"
printf -- ")\n"
printf -- "\n"

# exclude unknown account directory
for dir in $FTP_DIRS; do
        if [ "$dir" != "$FTP_ROOT" ]; then
                dname=$(basename "$dir")
                if ! echo "$FTP_USERS" | grep -e "^$dname$" > /dev/null; then
                        printf -- "\$HTTP[\"url\"] =~ \"^/%s/\" {\n" "$dname"
                        printf -- "\turl.access-deny = ( \"\" )\n"
                        printf -- "}\n"
                        printf -- "\n"
                fi
        fi
done

# end program
exit 0