
VSFTPd Virtual Users


This documentation was written on CentOS using the YUM package manager to keep things simple. Before you dig too deep you need the FTP Server to be installed. You can either install the FTP Server while installing CentOS or YUM group install it afterwards.

If you don't have VSFTPd installed currently on your CentOS machine.
>yum groupinstall "FTP Server"

Needed for creating the user database later.
>yum install compat-db

PAM configuration that makes vsftpd authenticate against the virtual user database we will create from a plain text file below.
>nano /etc/pam.d/vsftpd
session optional pam_keyinit.so force revoke
auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_users
account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_users


Add the local system user that vsftpd will map all virtual users onto after they log in.
>adduser -d /home/vweb/ -s /sbin/nologin virtualftp

VSFTPd configuration example used for this setup.
>nano /etc/vsftpd/vsftpd.conf
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
chroot_local_user=YES
pam_service_name=vsftpd
userlist_enable=YES

# Virtual users will be logged into /home/vweb/[username]/
user_sub_token=$USER
local_root=/home/vweb/$USER
guest_enable=YES
guest_username=virtualftp
# Umask applied for virtual users and anon
anon_umask=0022
# Allows uploading by virtual users
anon_upload_enable=YES
# Allows creation of directories by virtual users
anon_mkdir_write_enable=YES
# Allows deletion of files and directories by virtual users
anon_other_write_enable=YES


Create your text based user and password list (one username per line, followed by its password on the next line).
>nano /etc/vsftpd/vsftpd_users.txt
username1
passwordforusername1



Create your user database from the entries located in the users file created above.
>rm /etc/vsftpd/vsftpd_users.db
>db42_load -T -t hash -f /etc/vsftpd/vsftpd_users.txt /etc/vsftpd/vsftpd_users.db
>chmod 600 /etc/vsftpd/vsftpd_users.db /etc/vsftpd/vsftpd_users.txt

Create the per-user FTP directory.
>mkdir -p /home/vweb/username1

Fixes not being able to write once logged in over FTP.
>chown -R virtualftp:virtualftp /home/vweb/
>chmod -R 644 /home/vweb/
>find /home/vweb/ -type d -exec chmod 755 {} \;

Fixes "500 OOPS: cannot change directory". If SELinux is not enabled or not enforcing, this can be ignored.
>/usr/sbin/setsebool -P ftp_home_dir=1

VSFTPD Virtual Users Setup (with individual FTP home directories)

1. Installation of VSFTPD

For Red Hat, CentOS and Fedora, you may install VSFTPD by the command
# yum install vsftpd
For Debian and Ubuntu,
# apt-get install vsftpd
2. Virtual users and authentication

We are going to use pam_userdb to authenticate the virtual users. This needs a username / password file in 'db' format, a common database format. We need the 'db_load' program. For CentOS and Fedora, you may install the package 'db4-utils':
# yum install db4-utils
For Ubuntu,
# apt-get install db4.2-util
To create a 'db' format file, first create a plain text file 'virtual-users.txt' with the usernames and passwords on alternating lines:
mary
123456
jack
654321

Then execute the following command to create the actual database:
# db_load -T -t hash -f virtual-users.txt /etc/vsftpd/virtual-users.db
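The text file above (and vsftpd_users.txt in the first post) silently misaligns every following user/password pair if it has an odd number of lines, an empty line, or a duplicate username. This added helper, not part of either post, validates the file before building the database and then applies the same db_load and chmod 600 steps; DB_LOAD, check_users_file, list_users and build_db are names chosen here, and DB_LOAD defaults to db_load (db42_load on CentOS with compat-db).

```shell
#!/bin/sh
# Added example (not from the original posts): validate the alternating
# username/password file, then build the Berkeley DB and lock it down.
set -u

# On CentOS with compat-db the loader is called db42_load (assumption: override via env).
DB_LOAD="${DB_LOAD:-db_load}"

# Report each malformed entry on stderr; return 1 if any was found.
# Expected layout: user, password, user, password, ... (non-empty lines only).
check_users_file() {
    file="$1"
    status=0
    lines=$(awk 'END { print NR }' "$file")
    if [ $((lines % 2)) -ne 0 ]; then
        echo "$file: odd line count ($lines), a username or password is missing" >&2
        status=1
    fi
    # An empty line shifts every pair after it, so a password becomes a username.
    if grep -q '^$' "$file"; then
        echo "$file: empty line(s) would misalign the user/password pairs" >&2
        status=1
    fi
    # In a hash db only the last entry for a duplicated key survives.
    dups=$(awk 'NR % 2 == 1' "$file" | sort | uniq -d)
    if [ -n "$dups" ]; then
        echo "$file: duplicate usernames: $dups" >&2
        status=1
    fi
    return $status
}

# Print the usernames (odd lines), e.g. to create the per-user directories.
list_users() {
    awk 'NR % 2 == 1' "$1"
}

# Rebuild the db from scratch; both files hold plaintext passwords, so
# keep them readable by root only, as the posts do with chmod 600.
build_db() {
    txt="$1"; db="$2"
    check_users_file "$txt" || return 1
    rm -f "$db"
    "$DB_LOAD" -T -t hash -f "$txt" "$db" || return 1
    chmod 600 "$txt" "$db"
}

# Usage (as root): build_db /etc/vsftpd/virtual-users.txt /etc/vsftpd/virtual-users.db
```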
Now, create a PAM file /etc/pam.d/vsftpd-virtual which uses your database:
auth required pam_userdb.so db=/etc/vsftpd/virtual-users
account required pam_userdb.so db=/etc/vsftpd/virtual-users

3. Configuration of VSFTPD

Create a configuration file /etc/vsftpd/vsftpd-virtual.conf:
# disables anonymous FTP
anonymous_enable=NO
# enables non-anonymous FTP
local_enable=YES
# activates virtual users
guest_enable=YES
# virtual users to use local privs, not anon privs
virtual_use_local_privs=YES
# enables uploads and new directories
write_enable=YES
# the PAM file used for authentication of virtual users
pam_service_name=vsftpd-virtual
# in conjunction with 'local_root',
# specifies a home directory for each virtual user
user_sub_token=$USER
local_root=/var/www/virtual/$USER
# the virtual user is restricted to the virtual FTP area
chroot_local_user=YES
# hides the FTP server user IDs and just displays "ftp" in directory listings
hide_ids=YES
# runs vsftpd in standalone mode
listen=YES
# listens on this port for incoming FTP connections
listen_port=60021
# the minimum port to allocate for PASV style data connections
pasv_min_port=62222
# the maximum port to allocate for PASV style data connections
pasv_max_port=63333
# controls whether PORT style data connections use port 20 (ftp-data)
connect_from_port_20=YES
# the umask for file creation
local_umask=022
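The settings above only work together if a few of them agree with each other (guest_enable with pam_service_name, local_root with user_sub_token, the passive range with listen_port). This added checker, not part of the original post, reads a vsftpd configuration file and reports the combinations that would leave anonymous access on or break the per-user directory mapping; conf_get and check_vsftpd_conf are names chosen here.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check a vsftpd.conf
# for the virtual-user settings the post relies on. Prints one line per
# finding on stderr and returns 1 if any check fails.

# Value of a key=value line, ignoring comments and leading whitespace; empty if unset.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

check_vsftpd_conf() {
    conf="$1"
    rc=0
    fail() { echo "$conf: $1" >&2; rc=1; }

    [ "$(conf_get "$conf" anonymous_enable)" = "NO" ] || fail "anonymous_enable must be NO"
    [ "$(conf_get "$conf" guest_enable)" = "YES" ] || fail "guest_enable=YES is required for virtual users"
    [ "$(conf_get "$conf" chroot_local_user)" = "YES" ] || fail "chroot_local_user should be YES so users stay in their own tree"
    [ -n "$(conf_get "$conf" pam_service_name)" ] || fail "pam_service_name is unset; the virtual-user PAM file would not be used"

    # local_root only expands $USER when user_sub_token is set to $USER.
    case "$(conf_get "$conf" local_root)" in
        *'$USER'*) [ "$(conf_get "$conf" user_sub_token)" = '$USER' ] || fail "local_root uses \$USER but user_sub_token is not \$USER" ;;
    esac

    # The passive range must be non-empty and must not contain the control port.
    min=$(conf_get "$conf" pasv_min_port); max=$(conf_get "$conf" pasv_max_port)
    port=$(conf_get "$conf" listen_port); port=${port:-21}
    if [ -n "$min" ] && [ -n "$max" ]; then
        [ "$min" -le "$max" ] || fail "pasv_min_port ($min) is greater than pasv_max_port ($max)"
        if [ "$port" -ge "$min" ] && [ "$port" -le "$max" ]; then
            fail "listen_port $port falls inside the passive range $min-$max"
        fi
    fi
    return $rc
}

# Usage: check_vsftpd_conf /etc/vsftpd/vsftpd-virtual.conf
```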

4. Creation of home directories

Create each user's home directory in /var/www/virtual, and change the owner of the directory to the user 'ftp':
# mkdir /var/www/virtual/mary
# chown ftp:ftp /var/www/virtual/mary

5. Startup of VSFTPD and test

Now we can start VSFTPD by the command:
# /usr/sbin/vsftpd /etc/vsftpd/vsftpd-virtual.conf
and test the FTP access of a virtual user:
# lftp -u mary -p 60021 192.168.1.101