
Configure Vsftpd with virtual users in Ubuntu 14.04

vsftpd is a GPL licensed FTP server for UNIX systems, including Linux. It is secure and extremely fast. It is stable. Don't take my word for it, though. Below, we will see evidence supporting all three assertions. We will also see a list of a few important sites which are happily using vsftpd. This demonstrates vsftpd is a mature and trusted solution.

To configure a vsftpd server with virtual users, we need to enable PAM for vsftpd.

apt-get install vsftpd libpam-pwdfile

Now configure vsftpd to use PAM authentication:

vim /etc/vsftpd.conf

Then paste in the following:

listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
local_root=/var/www
chroot_local_user=YES
allow_writeable_chroot=YES
hide_ids=YES

# virtual user settings
user_config_dir=/etc/vsftpd_user_conf
guest_enable=YES
virtual_use_local_privs=YES
pam_service_name=vsftpd
nopriv_user=vsftpd
guest_username=vsftpd

Now create the users. You can either use a database or htpasswd; I found htpasswd faster and easier to use.

Make a directory to store your users:

mkdir /etc/vsftpd

htpasswd -cd /etc/vsftpd/ftpd.passwd user1

When adding additional users, just omit the -c:

htpasswd -d /etc/vsftpd/ftpd.passwd user2

I've only managed to get it to work using CRYPT, which limits passwords to 8 characters. To use more than 8 characters, use openssl to generate a compatible hash and pipe it directly into htpasswd:

htpasswd -c -p -b /etc/vsftpd/ftpd.passwd user1 "$(openssl passwd -1 -noverify password)"

Once your users are created, you can change your PAM config file:

vim /etc/pam.d/vsftpd

Remove everything inside this file and replace it with the following:

auth required pam_pwdfile.so pwdfile /etc/vsftpd/ftpd.passwd
account required pam_permit.so

This will enable login for your virtual users defined in /etc/vsftpd/ftpd.passwd and will disable local users.

Next we need to add a user for these virtual users to use. This user will not have access to the shell and will be called vsftpd (this username should be the same as the guest_username value in the vsftpd conf file).

useradd --home /home/vsftpd --gid nogroup -m --shell /bin/false vsftpd

We have already defined directory access in the vsftpd conf file:

user_config_dir=/etc/vsftpd_user_conf

This means that when user1 logs in, vsftpd will look for the following file:

/etc/vsftpd_user_conf/user1

We want user1 to have access only to /var/www/website_name1/sub_folder1, so we need to create the vsftpd_user_conf folder:

mkdir /etc/vsftpd_user_conf

Now create the user file:

vim /etc/vsftpd_user_conf/user1

Put the following value in it:
local_root=/var/www/website_name1/sub_folder1

Now restart vsftpd:

service vsftpd restart

You should now be able to log in as user1, who will only be able to see /var/www/website_name1/sub_folder1 and any folders and files inside it.

That's it. You can now add as many users as you want and limit their access to whatever folder you wish.

It is important to remember that if you do not create a user conf file, the user will default to the /var/www folder as root (in the example above).

If the subfolder is intended to be modifiable by the user, it might be necessary to change the owner of the shared subfolder:

chown vsftpd:nogroup /var/www/website_name1/sub_folder1
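
As an added example (not part of the original post), the shell function below audits the files this guide creates: it flags CRYPT hashes subject to the 8-character limit, users with no file under user_config_dir (who fall back to the global local_root), and a world-readable password file. The function name, messages and sample data are assumptions made for illustration; the hash strings are constructed placeholders.

```shell
#!/bin/bash
# Added example (not from the original post): audit the files this guide creates.
# Prints "name: finding" lines; returns 1 if there was any finding, else 0.
audit_vsftpd_users() {
    local pwfile=$1 confdir=$2 user hash rest found=0
    # htpasswd creates the file with the default umask, usually world-readable.
    if [ -n "$(find "$pwfile" -perm -004)" ]; then
        echo "$pwfile: world-readable, password hashes visible to every local account"
        found=1
    fi
    while IFS=: read -r user hash rest; do
        [ -z "$user" ] && continue
        case $hash in
            '$1$'*) ;;   # MD5-crypt, what `openssl passwd -1` emits
            *)
                if [ "${#hash}" -eq 13 ]; then   # traditional crypt, what `htpasswd -d` emits
                    echo "$user: DES crypt hash, only the first 8 password characters count"
                else
                    echo "$user: hash is neither DES crypt nor \$1\$ MD5-crypt"
                fi
                found=1 ;;
        esac
        if [ ! -f "$confdir/$user" ]; then
            echo "$user: no per-user config, login lands in the global local_root"
            found=1
        elif ! grep -q '^local_root=/' "$confdir/$user"; then
            echo "$user: per-user config sets no absolute local_root"
            found=1
        fi
    done < "$pwfile"
    return "$found"
}

# Constructed sample data (hash strings are placeholders, not real password hashes).
demo() {
    local d
    d=$(mktemp -d)
    mkdir "$d/conf"
    printf '%s\n' 'user1:ab0123456789.' \
        'user2:$1$saltsalt$0123456789abcdefghijkl' > "$d/ftpd.passwd"
    echo 'local_root=/var/www/website_name1/sub_folder1' > "$d/conf/user1"
    audit_vsftpd_users "$d/ftpd.passwd" "$d/conf"
    rm -rf "$d"
}
demo || true
```

On a real server, call it as audit_vsftpd_users /etc/vsftpd/ftpd.passwd /etc/vsftpd_user_conf.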




