hackaugusto · January 26, 2016 06:57
diff --git a/allowed_users b/allowed_users
 user1
 user2
 ...
diff --git a/vsftpd.conf b/vsftpd.conf
 # features
 listen=YES
 dirmessage_enable=NO
 use_localtime=YES
 xferlog_enable=YES

 # permissions
 allow_writeable_chroot=YES
 write_enable=YES
 local_umask=022

 # enable virtual users only
 # allow virtual users to write
 virtual_use_local_privs=YES
 # use this real for the writes of the virtual user
 guest_enable=YES
 guest_username=vsftpd
 # we need to use local_enable to user virtual users
 local_enable=YES
 # chroot the user to the project folder
 chroot_local_user=YES
 user_sub_token=$USER
 local_root=/srv/$USER

 # connection
 accept_timeout=10
 connect_timeout=10
 data_connection_timeout=120
 idle_session_timeout=600
 pasv_enable=YES
 pasv_max_port=1048
 pasv_min_port=1024
 pasv_address=xxx.xxx.xxx.xxx

 # compat
 connect_from_port_20=YES
 async_abor_enable=NO

 # security
 hide_ids=YES
 anonymous_enable=NO
 nopriv_user=ftpsecure
 secure_chroot_dir=/var/run/vsftpd/empty
 pam_service_name=vsftpd
 rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
 rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
 userlist_file=/etc/vsftpd/allowed_users
diff --git a/vsftpd_pam b/vsftpd_pam
 # pam_userdb will add `.db` at the end of the file name
 #  /etc/vsftpd/users -> /etc/vsftpd/users.db
 auth       required     pam_userdb.so db=/etc/vsftpd/users
 account    required     pam_userdb.so db=/etc/vsftpd/users
 session    required     pam_loginuid.so
	# features
	listen=YES
	dirmessage_enable=NO
	use_localtime=YES
	xferlog_enable=YES

	# permissions
	allow_writeable_chroot=YES
	write_enable=YES
	local_umask=022

	# enable virtual users only
	# allow virtual users to write
	virtual_use_local_privs=YES
	# use this real for the writes of the virtual user
	guest_enable=YES
	guest_username=vsftpd
	# we need to use local_enable to user virtual users
	local_enable=YES
	# chroot the user to the project folder
	chroot_local_user=YES
	user_sub_token=$USER
	local_root=/srv/$USER

	# connection
	accept_timeout=10
	connect_timeout=10
	data_connection_timeout=120
	idle_session_timeout=600
	pasv_enable=YES
	pasv_max_port=1048
	pasv_min_port=1024
	pasv_address=xxx.xxx.xxx.xxx

	# compat
	connect_from_port_20=YES
	async_abor_enable=NO

	# security
	hide_ids=YES
	anonymous_enable=NO
	nopriv_user=ftpsecure
	secure_chroot_dir=/var/run/vsftpd/empty
	pam_service_name=vsftpd
	rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
	rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
	userlist_file=/etc/vsftpd/allowed_users
	# pam_userdb will add `.db` at the end of the file name
	# /etc/vsftpd/users -> /etc/vsftpd/users.db
	auth required pam_userdb.so db=/etc/vsftpd/users
	account required pam_userdb.so db=/etc/vsftpd/users
	session required pam_loginuid.so