VSFTPd Virtual Users
Written by Chris Gountanis   

This documentation was created on CentOS, using the YUM package manager to keep things simple. Before you dig too deep, the FTP server needs to be installed. You can either install the FTP Server group while installing CentOS or YUM group install it after the fact.

 

Run this if you don't currently have VSFTPd installed on your CentOS machine.
>yum groupinstall "FTP Server"

 

Needed for creating the user database later.
>yum install compat-db

 

PAM configuration, which tells PAM to authenticate against the virtual user database we will be creating from a basic text file below.
>nano /etc/pam.d/vsftpd
session optional pam_keyinit.so force revoke
auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_users
account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_users

 

Add the user the virtual FTP server will use to log in all users.
>adduser -d /home/vweb/ virtualftp -s /sbin/nologin

 

VSFTPd configuration example used for this setup.
>nano /etc/vsftpd/vsftpd.conf
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
chroot_local_user=YES
pam_service_name=vsftpd
userlist_enable=YES

# Virtual users will be logged into /home/vweb/[username]/
user_sub_token=$USER
local_root=/home/vweb/$USER
guest_enable=YES
guest_username=virtualftp
# Umask applied for virtual users and anon
anon_umask=0022
# Allows uploading by virtual users
anon_upload_enable=YES
# Allows creation of directories by virtual users
anon_mkdir_write_enable=YES
# Allows deletion of files and directories by virtual users
anon_other_write_enable=YES

 

Create your text-based user and password list. Each username goes on its own line, followed by its password on the next line.
>nano /etc/vsftpd/vsftpd_users.txt
username1
passwordforusername1


 

Create your user database from the entries located in the users file created above.
>rm -f /etc/vsftpd/vsftpd_users.db
>db42_load -T -t hash -f /etc/vsftpd/vsftpd_users.txt /etc/vsftpd/vsftpd_users.db
>chmod 600 /etc/vsftpd/vsftpd_users.db /etc/vsftpd/vsftpd_users.txt
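
The users file and rebuild steps above, as an added shell example that is not part of the original article: it checks that the file is strict username/password pairs, restricts usernames to a single safe path component (they become directories through local_root=/home/vweb/$USER), and builds the database under umask 077 before renaming it into place. The function names check_users_file and rebuild_db are hypothetical; the paths and the db42_load invocation are the ones used on this page.

```shell
#!/bin/sh
# Added example (not from the original page). Paths and the db42_load
# invocation are the page's; the function names are made up here.

# check_users_file FILE
# Succeeds only if FILE is strictly "username line, password line" pairs.
check_users_file() {
    awk '
        NR % 2 == 1 {   # odd lines are usernames
            # The name becomes a directory under /home/vweb/ via
            # local_root=/home/vweb/$USER, so allow one safe path component.
            if ($0 !~ /^[A-Za-z0-9_][A-Za-z0-9_.-]*$/) {
                printf "line %d: invalid username\n", NR; bad = 1
            }
            if (seen[$0]++) {
                printf "line %d: duplicate username\n", NR; bad = 1
            }
        }
        NR % 2 == 0 && $0 == "" {
            printf "line %d: empty password\n", NR; bad = 1
        }
        END {
            if (NR == 0)     { print "no entries"; bad = 1 }
            if (NR % 2 == 1) { print "last username has no password line"; bad = 1 }
            exit bad + 0
        }' "$1" >&2
}

# rebuild_db TXT DB
# Validates TXT, builds the new database in a private directory, then
# renames it over DB so a half-written file is never in place.
rebuild_db() {
    check_users_file "$1" || return 1
    (
        umask 077   # files are 0600 from creation, not only after chmod
        dir=$(mktemp -d "$(dirname "$2")/.dbbuild.XXXXXX") || exit 1
        trap 'rm -rf "$dir"' EXIT
        db42_load -T -t hash -f "$1" "$dir/new.db" && mv -f "$dir/new.db" "$2"
    )
}

# Run as: sh rebuild_users.sh /etc/vsftpd/vsftpd_users.txt /etc/vsftpd/vsftpd_users.db
if [ "$#" -eq 2 ]; then
    rebuild_db "$1" "$2"
fi
```

A trailing blank line in the users file is rejected by the check, since it would otherwise be read as a username with no password line.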

 

Create the user's FTP base directory.
>mkdir -p /home/vweb/username1

 

Fixes not being able to write once logged in over FTP.
>chown -R virtualftp:virtualftp  /home/vweb/
>chmod -R 644 /home/vweb/
>find /home/vweb/ -type d -exec chmod 755 {} \;

 

Fixes "500 OOPS: cannot change directory". If SELinux is not enabled or enforcing then this can be ignored.
>/usr/sbin/setsebool  -P ftp_home_dir=1

 

Fixes "425 Failed to establish connection" or "Client Error: Failed to retrieve directory listing". If you have not run some sort of automated firewall utility, you may need to add the module ip_conntrack_ftp to your iptables configuration. Just make sure your IPTABLES_MODULES line includes ip_conntrack_ftp as shown below. If you are not running an iptables-based firewall then this can be ignored.
>nano /etc/sysconfig/iptables-config
IPTABLES_MODULES="ip_conntrack_ftp"

 


About VSFTPd
vsftpd is a GPL licensed FTP server for UNIX systems, including Linux. It is secure and extremely fast. It is stable. Don't take my word for it, though. Below, we will see evidence supporting all three assertions. We will also see a list of a few important sites which are happily using vsftpd. This demonstrates vsftpd is a mature and trusted solution. - http://vsftpd.beasts.org/

Last Updated on Wednesday, 23 January 2008 16:40