Skip to content

Instantly share code, notes, and snippets.

@k-zakhariy

k-zakhariy/gist:cee15355e4d99f1498d8ff57eeefd773

Last active November 28, 2017 18:56
Show Gist options
  • Save k-zakhariy/cee15355e4d99f1498d8ff57eeefd773 to your computer and use it in GitHub Desktop.
Save k-zakhariy/cee15355e4d99f1498d8ff57eeefd773 to your computer and use it in GitHub Desktop.
Download ZIP
Setup vsftpd Ubuntu 15.10
Raw
gistfile1.md

Setup vsftpd for Ubuntu 15.10

First you need vsftp and PAM installed

apt-get install vsftpd libpam-pwdfile Edit /etc/vsftpd.conf

nano /etc/vsftpd.conf then paste in the following

listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
local_root=/var/www
chroot_local_user=YES
allow_writeable_chroot=YES
hide_ids=YES

#virutal user settings
user_config_dir=/etc/vsftpd_user_conf
guest_enable=YES
virtual_use_local_privs=YES
pam_service_name=vsftpd
nopriv_user=vsftpd
guest_username=vsftpd

rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=YES


xferlog_enable=YES
xferlog_file=/var/log/vsftpd.log

Edit to your exact needs the most important bit for virtual users is everything after the virtual user settings comment

Creating User

You can either use a database or htpasswd I found htpasswd faster and easier to use. make a directory to store your users

mkdir /etc/vsftpd
htpasswd -cd /etc/vsftpd/ftpd.passwd user1

adding additional users just omit the -c

htpasswd -d /etc/vsftpd/ftpd.passwd user2 I've only managed to get it to work using CRYPT which limits to 8 chars to use more than 8 chars use openssl to generate a compatible hash and pipe directly into htpasswd

htpasswd -c -p -b /etc/vsftpd/ftpd.passwd user1 $(openssl passwd -1 -noverify password) Once your users are created you can now change your PAM config file

nano /etc/pam.d/vsftpd and remove everything inside this file and replace with the following

auth required pam_pwdfile.so pwdfile /etc/vsftpd/ftpd.passwd
account required pam_permit.so

This will enable login for your virtual users defined in /etc/vsftpd/ftpd.passwd and will disable local users

Next we need to add a user for these virtual users to use. These users will not have access to the shell and will be called vsftpd

useradd --home /home/vsftpd --gid nogroup -m --shell /bin/false vsftpd the user must match guest_username=vsftpd in the vsftpd conf file

Defining Directory Access

The important line here is the following

user_config_dir=/etc/vsftpd_user_conf this means that when user1 logs in it will look for the following file

/etc/vsftpd_user_conf/user1 this file the same as the vsftpd.conf so you can define a new local_root

going back to the question we want user1 to only have access to var/www/website_name1/sub_folder1, so we need to create the vsftpd_user_conf folder:

mkdir /etc/vsftpd_user_conf Now create the user file:

nano /etc/vsftpd_user_conf/user1 and enter the following line

local_root=/var/www/website_name1/sub_folder1

Now restart vsftp

service vsftpd restart you should now be able to login as user1 who will only be able to see var/www/website_name1/sub_folder1 and any folder and file inside it.

That's it you can now add as many users as you want and limit their access to whatever folder you wish.

important to remember if you do not create a user conf file it will default to the var/www folder as root (in the example above)

If the subfolder is intended to be modifiable by the user, it might be necesary to change the owner of the shared subfolder:

chown vsftpd:nogroup /var/www/website_name1/sub_folder1

Adding new users

  1. sudo htpasswd -p -b /etc/vsftpd/ftpd.passwd LOGIN $(openssl passwd -1 -noverify PASSWORD )
  2. sudo nano /etc/vsftpd_user_conf/LOGIN - insert there local_root=/var/www/website_name1/sub_folder1 - path to folder
  3. Ctrl + O will save changes, then Ctrl+X to exit
  4. sudo service vsftpd restart or sudo /etc/init.d/vsftpd restart
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment