VSFTPd Virtual Users


This documentation was created on CentOS using the YUM package manager to keep things simple. Before you dig too deep, you need the FTP Server to be installed. You can either install the FTP Server as you install CentOS or YUM group install it after the fact.

If you don't currently have VSFTPd installed on your CentOS machine, install it now.
>yum groupinstall "FTP Server"

Needed for creating the user database later.
>yum install compat-db

PAM configuration that makes VSFTPd authenticate against the virtual user database we will be creating from a basic text file below.
>nano /etc/pam.d/vsftpd
session optional pam_keyinit.so force revoke
auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_users
account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_users


Add the user the virtual FTP server will use to log in all users.
>adduser -d /home/vweb/ virtualftp -s /sbin/nologin

VSFTPd configuration example used for this setup.
>nano /etc/vsftpd/vsftpd.conf
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
chroot_local_user=YES
pam_service_name=vsftpd
userlist_enable=YES

# Virtual users will be logged into /home/vweb/[username]/
user_sub_token=$USER
local_root=/home/vweb/$USER
guest_enable=YES
guest_username=virtualftp
# Umask applied for virtual users and anon
anon_umask=0022
# Allows uploading by virtual users
anon_upload_enable=YES
# Allows creation of directories by virtual users
anon_mkdir_write_enable=YES
# Allows deletion of files and directories by virtual users
anon_other_write_enable=YES


Create your text-based user and password list.
>nano /etc/vsftpd/vsftpd_users.txt
username1
passwordforusername1



Create your user database from the entries located in the users file created above.
>rm -f /etc/vsftpd/vsftpd_users.db
>db42_load -T -t hash -f /etc/vsftpd/vsftpd_users.txt /etc/vsftpd/vsftpd_users.db
>chmod 600 /etc/vsftpd/vsftpd_users.db /etc/vsftpd/vsftpd_users.txt
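One way to script the rebuild step above so that a malformed users file never reaches the database (an added example, not part of the original post; the function names and the `.new` temporary file are assumptions, and the paths are passed as arguments). It checks that the file is strictly alternating username and password lines, then builds the database under umask 077 so it is never readable by other users before chmod runs.

```shell
#!/bin/sh
# Added example (not from the original post). Paths are passed in as arguments.

# Return 0 only if the file is strictly username/password line pairs.
validate_users_file() {
    vu_file=$1
    [ -r "$vu_file" ] || { echo "cannot read $vu_file" >&2; return 1; }
    awk '
        /^[ \t]*$/ {
            printf "line %d: blank line shifts username/password pairing\n", NR
            bad = 1; next
        }
        NR % 2 == 1 {                       # odd lines are usernames (keys)
            if ($0 in seen) { printf "line %d: duplicate username %s\n", NR, $0; bad = 1 }
            seen[$0] = 1
        }
        END {
            if (NR == 0)     { print "no entries"; bad = 1 }
            if (NR % 2 == 1) { print "last username has no password line"; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$vu_file" >&2
}

# Validate, build the new database under umask 077, then swap it into place.
rebuild_users_db() {
    vu_txt=$1
    vu_db=$2
    vu_tmp="$vu_db.new"                     # hypothetical temporary name
    validate_users_file "$vu_txt" || return 1
    chmod 600 "$vu_txt" || return 1
    rm -f "$vu_tmp"
    ( umask 077 && db42_load -T -t hash -f "$vu_txt" "$vu_tmp" ) || { rm -f "$vu_tmp"; return 1; }
    mv -f "$vu_tmp" "$vu_db"
}

# Usage (as root):
#   rebuild_users_db /etc/vsftpd/vsftpd_users.txt /etc/vsftpd/vsftpd_users.db
```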

Create the FTP directory for your user.
>mkdir -p /home/vweb/username1

Fixes not being able to write once logged into FTP
>chown -R virtualftp:virtualftp  /home/vweb/
>chmod -R 644 /home/vweb/
>find /home/vweb/ -type d -exec chmod 755 {} \;

Fixes "500 OOPS: cannot change directory". If SELinux is not enabled or enforcing then this can be ignored.
>/usr/sbin/setsebool  -P ftp_home_dir=1
