Configuring FTP server (vsftpd) using text file for virtual users

vsftpd is a GPL licensed FTP server for UNIX systems, including Linux. It is secure and extremely fast. It is stable. Don't take my word for it, though. Below, we will see evidence supporting all three assertions. We will also see a list of a few important sites which are happily using vsftpd. This demonstrates vsftpd is a mature and trusted solution.

VsFTPd Features

Although vsftpd is kept small for the sake of speed and security, many more complicated FTP setups are achievable with it. The following list is by no means exhaustive; vsftpd will handle:

Virtual IP configurations
Virtual users
Standalone or inetd operation
Powerful per-user configurability
Bandwidth throttling
Per-source-IP configurability
Per-source-IP limits
IPv6
Encryption support through SSL integration

Install VsFTPd server on Ubuntu

Open the terminal and run the following command

sudo apt-get install vsftpd

Virtual users and authentication

We are going to use pam_userdb to authenticate the virtual users. This needs a username/password file in `db' format, a common database format. To create it we need the `db_load' program:

sudo apt-get install db5.3-util

To create a `db' format file, first create a plain text file `virtual-users.txt' with the usernames and passwords on alternating lines (the passwords below are placeholders):

andy
password-for-andy
james
password-for-james
david
password-for-david

Then create the target directory if it does not exist yet and execute db_load to create the actual database:

sudo mkdir -p /etc/vsftpd
sudo db_load -T -t hash -f virtual-users.txt /etc/vsftpd/virtual-users.db
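
A pre-flight check for the text file, added here as an example and not part of the original tutorial: it confirms that the file really alternates username and password lines before db_load is run, and that the file is not readable by other accounts. The function names check_virtual_users and group_or_world_readable and the sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the tutorial): pre-flight checks for the text file
# that db_load -T turns into key/value pairs. Function names are hypothetical.

# Print every problem found; return 0 only if the file is a clean sequence
# of username line, password line, username line, password line, ...
check_virtual_users() {
    awk '
        /\r$/ { print "line " NR ": CRLF line ending"; bad = 1; sub(/\r$/, "") }
        NR % 2 == 1 {                       # odd lines are usernames (keys)
            user = $0
            if (user == "")        { print "line " NR ": empty username"; bad = 1 }
            else if (seen[user]++) { print "line " NR ": duplicate user " user; bad = 1 }
            next
        }
        $0 == "" { print "line " NR ": empty password for " user; bad = 1 }
        END {
            if (NR == 0)     { print "file is empty"; bad = 1 }
            if (NR % 2 == 1) { print "odd line count: " user " has no password"; bad = 1 }
            exit bad + 0
        }
    ' "$1"
}

# Succeed (0) if group or others can read the file, which holds clear-text
# passwords and should be mode 600.
group_or_world_readable() {
    [ -n "$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)" ]
}

# Constructed sample: three usernames with the password lines left out.
# Read as pairs, "james" would become the password of "andy".
sample=$(mktemp)
printf 'andy\njames\ndavid\n' > "$sample"
check_virtual_users "$sample" || echo "fix the file before running db_load"
group_or_world_readable "$sample" && echo "run: chmod 600 $sample"
rm -f "$sample"
```

Run the check before db_load. As configured on this page pam_userdb compares clear-text passwords, so the generated /etc/vsftpd/virtual-users.db deserves the same mode 600.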

Now, create a PAM file /etc/pam.d/vsftpd.virtual

sudo vi /etc/pam.d/vsftpd.virtual

Add the following lines

auth required pam_userdb.so db=/etc/vsftpd/virtual-users
account required pam_userdb.so db=/etc/vsftpd/virtual-users

Save and exit the file

Configuring Vsftpd Server

Edit the vsftpd configuration file /etc/vsftpd.conf

sudo vi /etc/vsftpd.conf

Edit the following options

# disables anonymous FTP

anonymous_enable=NO

# enables non-anonymous FTP

local_enable=YES

# activates virtual users

guest_enable=YES

# virtual users to use local privs, not anon privs

virtual_use_local_privs=YES

# enables uploads and new directories

write_enable=YES

# the PAM file used for authentication of virtual users

pam_service_name=vsftpd.virtual

# in conjunction with 'local_root',
# specifies a home directory for each virtual user

user_sub_token=$USER
local_root=/var/www/virtual/$USER

# the virtual user is restricted to the virtual FTP area

chroot_local_user=YES

# hides the FTP server user IDs and just displays "ftp" in directory listings

hide_ids=YES

# runs vsftpd in standalone mode

listen=YES

# listens on this port for incoming FTP connections

listen_port=60021

# the minimum port to allocate for PASV style data connections

pasv_min_port=62222

# the maximum port to allocate for PASV style data connections

pasv_max_port=63333

# controls whether PORT style data connections use port 20 (ftp-data)

connect_from_port_20=YES

# the umask for file creation

local_umask=022

Creation of home directories

Create each user's home directory in /var/www/virtual, and change the owner of the directory to the user `ftp':

sudo mkdir -p /var/www/virtual/andy
sudo chown ftp:ftp /var/www/virtual/andy

Restart VSFTPD service

Now we can restart VSFTPD using the following command

sudo service vsftpd restart

Test Your vsftpd Setup

Open the terminal and connect to the port set in listen_port:

$ ftp localhost 60021

Sample success output:

Connected to 192.168.1.10
Name (localhost:root): andy
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>


1 Response

  1. Hennie says:

    Is the following correct at the top:
    To create a `db’ format file, first create a plain text file `virtual-users.txt’ with the usernames and passwords on alternating lines:

    andy
    james
    david

    Should it not be something like
    andy
    and123
    james
    jam123
    david
    dav123
