Install
sudo apt-get install vsftpd
Step 1: Basic Configuration
Edit your /etc/vsftpd.conf configuration file and change the following parameters:
sudo vi /etc/vsftpd.conf
# No anonymous login
anonymous_enable=NO
# Let local users log in
# If you connect from the internet with local users, you should enable TLS/SSL/FTPS
local_enable=YES
# Write permissions
write_enable=YES
chroot_local_user=YES
# Put YES here if you want the FTP users declared in /etc/vsftpd.chroot_lists to be able to access everywhere on the server
chroot_list_enable=NO
# Useful to not write over hidden files:
force_dot_files=YES
# Hide the info about the owner (user and group) of the files.
hide_ids=YES
# Connection limit for each IP:
max_per_ip=2
# Maximum number of clients:
max_clients=20
Step 2: Create the virtual user database
Create directory /etc/vsftpd and user database file:
# sudo mkdir -p /etc/vsftpd
# cd /etc/vsftpd
# sudo vi user.txt
The file user.txt has this format (username and password on alternating lines):
Username
password
Username
password
....
Username
password
Create the actual database file (the command below uses db_load, which may require the db_util package to be installed):
# cd /etc/vsftpd
# db_load -T -t hash -f user.txt vsftpd-virtual-user.db
# chmod 600 vsftpd-virtual-user.db
# rm user.txt
Please note: you can also use htpasswd to create a password file and then configure PAM to use that file with the "pwdfile" parameter in the /etc/pam.d/vsftpd PAM file (for this you have to install libpam-pwdfile). This post uses a different user/password mechanism.
Edit /etc/vsftpd.conf and add the following parameters so that virtual users can be used:
# If enabled, virtual users will use the same privileges as local users,
# which grants write access to virtual users. By default, virtual users use the
# same privileges as anonymous users, which tends to be more restrictive
# (especially in terms of write access).
virtual_use_local_privs=YES
write_enable=YES
# Set the name of the PAM service vsftpd will use
pam_service_name=vsftpd.virtual
# Activates virtual users
guest_enable=YES
# Automatically generate a home directory for each virtual user, based on a template.
# For example, if the home directory of the real user specified via guest_username is
# /home/virtual/$USER, and user_sub_token is set to $USER, then when virtual user vivek
# logs in, he will end up (usually chroot()'ed) in the directory /home/virtual/vivek.
# This option also takes effect if local_root contains user_sub_token.
user_sub_token=$USER
# Usually this is mapped to Apache virtual hosting docroot, so that
# users can upload files
local_root=/home/vftp/$USER
# Chroot user and lock down to their home dirs
chroot_local_user=YES
# Hide ids from user
hide_ids=YES
Add these lines to allow the users access to FTP:
userlist_deny=NO
userlist_enable=YES
userlist_file=/etc/vsftpd.allowed_users
allow_writeable_chroot=YES
Save and close the file.
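A check of the finished /etc/vsftpd.conf against what Steps 1 and 2 rely on, as an added example that is not part of the original post. The function names (get_bool, audit_vsftpd_conf, sample_conf) and the finding labels are made up for illustration; ssl_enable is vsftpd's option for the TLS advice in Step 1, and the defaults passed to get_bool are vsftpd's built-in ones.

```shell
#!/bin/sh
# Added example, not from the original post: flag settings in a vsftpd.conf
# that differ from what this guide relies on.

# get_bool FILE KEY DEFAULT: effective YES/NO value of KEY. Assumption: a later
# assignment overrides an earlier one. DEFAULT is vsftpd's built-in default.
get_bool() {
    awk -v k="$2" -v d="$3" '
        index($0, k "=") == 1 { v = toupper(substr($0, length(k) + 2)) }
        END { if (v == "TRUE" || v == "1") v = "YES"
              print (v == "" ? d : v) }' "$1"
}

# audit_vsftpd_conf FILE: print one finding per line, nothing if clean.
audit_vsftpd_conf() {
    c=$1
    if [ "$(get_bool "$c" anonymous_enable YES)" = YES ]; then
        echo "ANON: anonymous login is enabled"
    fi
    if [ "$(get_bool "$c" local_enable NO)" = YES ] &&
       [ "$(get_bool "$c" ssl_enable NO)" != YES ]; then
        echo "CLEARTEXT: logins are enabled without ssl_enable=YES"
    fi
    if [ "$(get_bool "$c" chroot_local_user NO)" != YES ]; then
        echo "NOCHROOT: users are not confined to their home directory"
    elif [ "$(get_bool "$c" chroot_list_enable NO)" = YES ]; then
        echo "CHROOT_LIST: users in the chroot list are exempt from the chroot"
    fi
    if [ "$(get_bool "$c" allow_writeable_chroot NO)" = YES ]; then
        echo "WRITABLE_ROOT: vsftpd's writable-chroot-root check is disabled"
    fi
    if [ "$(get_bool "$c" userlist_enable NO)" != YES ] ||
       [ "$(get_bool "$c" userlist_deny YES)" = YES ]; then
        echo "USERLIST: userlist_file is not acting as an allow list"
    fi
    return 0
}

# Constructed sample input: the boolean options from Steps 1 and 2 above.
sample_conf() {
    printf '%s\n' '# No anonymous login' anonymous_enable=NO local_enable=YES \
        write_enable=YES chroot_local_user=YES chroot_list_enable=NO \
        guest_enable=YES virtual_use_local_privs=YES userlist_enable=YES \
        userlist_deny=NO allow_writeable_chroot=YES
}

# Usage: sh audit.sh /etc/vsftpd.conf
if [ -n "${1:-}" ]; then audit_vsftpd_conf "$1"; fi
```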
Step 3: Create a PAM File Which Uses Your New Database
The following PAM configuration is used to authenticate users against your new database. Create /etc/pam.d/vsftpd.virtual:
# sudo vi /etc/pam.d/vsftpd.virtual
And append the following:
#%PAM-1.0
auth required pam_userdb.so db=/etc/vsftpd/vsftpd-virtual-user
account required pam_userdb.so db=/etc/vsftpd/vsftpd-virtual-user
session required pam_loginuid.so
Now create the home directories for the users as well:
# mkdir -p /home/vftp/{nhutnb,nhutnhieu}
# chown -R ftp:ftp /home/vftp
Now create /etc/vsftpd.allowed_users, which lists the users that are allowed to log in:
# sudo vi /etc/vsftpd.allowed_users
Its content is:
nhutnb
nhutnhieu
Once this step is finished, your FTP account can log in to the folder /home/vftp/<your username>. If you want the account to log in to another directory, run:
mount --bind /var/www/<webdir>/ /home/vftp/nhutnb/
After that, when you log in with the FTP account, your home directory points to /var/www/<webdir>. Of course, change the permissions of that directory as needed for your use.
Source:
https://help.ubuntu.com/community/vsftpd