(See also: Setup of VSFTPD virtual users - another approach)
1. Installation of VSFTPD
For Red Hat, CentOS and Fedora, you may install VSFTPD by the command
# yum install vsftpd
For Debian and Ubuntu,
# apt-get install vsftpd
2. Virtual users and authentication
We are going to use pam_userdb to authenticate the virtual users. This needs a username / password file in `db' format - a common database format. We need the `db_load' program to create it. For CentOS and Fedora, you may install the package `db4-utils':
# yum install db4-utils
For Ubuntu,
# apt-get install db4.2-util
To create a `db' format file, first create a plain text file `virtual-users.txt' with the usernames and passwords on alternating lines:
mary
123456
jack
654321
Then execute the following command to create the actual database:
# db_load -T -t hash -f virtual-users.txt /etc/vsftpd/virtual-users.db
Now, create a PAM file /etc/pam.d/vsftpd-virtual which uses your database:
auth required pam_userdb.so db=/etc/vsftpd/virtual-users
account required pam_userdb.so db=/etc/vsftpd/virtual-users
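A way to script the step above, as an added example that is not part of the original post: it checks the alternating-line file before calling `db_load', and keeps the text file and the database readable by their owner only, because with the PAM lines shown here the database holds the passwords as plain text. The function names and the `.new' temporary file are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical;
# db_load and its flags are the ones used in step 2.

# check_users_file FILE
# Succeeds only if FILE holds username/password pairs on alternating lines:
# no empty line, no username listed twice, and an even number of lines.
check_users_file() {
    awk '
        $0 == "" { printf "line %d: empty line\n", NR; bad = 1 }
        NR % 2 == 1 {
            if ($0 in seen) { printf "line %d: duplicate user %s\n", NR, $0; bad = 1 }
            seen[$0] = 1
        }
        END {
            if (NR % 2 == 1) { print "odd line count: last user has no password"; bad = 1 }
            exit bad + 0
        }
    ' "$1" >&2
}

# rebuild_db TXT DB
# Validates TXT, loads it into DB.new and renames that over DB, so a malformed
# file never replaces a working database. Runs in a subshell so the umask
# change does not leak into the caller.
rebuild_db() (
    txt=$1
    db=$2
    check_users_file "$txt" || exit 1
    umask 077            # files created below are readable by their owner only
    chmod 600 "$txt"     # the text file holds the same plaintext passwords
    rm -f "$db.new"
    db_load -T -t hash -f "$txt" "$db.new" || exit 1
    mv "$db.new" "$db"
)

# Usage (as root): sh thisfile virtual-users.txt /etc/vsftpd/virtual-users.db
if [ "$#" -eq 2 ]; then
    rebuild_db "$1" "$2"
fi
```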
3. Configuration of VSFTPD
Create a configuration file /etc/vsftpd/vsftpd-virtual.conf:
# disables anonymous FTP
anonymous_enable=NO
# enables non-anonymous FTP
local_enable=YES
# activates virtual users
guest_enable=YES
# virtual users to use local privs, not anon privs
virtual_use_local_privs=YES
# enables uploads and new directories
write_enable=YES
# the PAM file used for authentication of virtual users
pam_service_name=vsftpd-virtual
# in conjunction with 'local_root',
# specifies a home directory for each virtual user
user_sub_token=$USER
local_root=/var/www/virtual/$USER
# the virtual user is restricted to the virtual FTP area
chroot_local_user=YES
# hides the FTP server user IDs and just displays "ftp" in directory listings
hide_ids=YES
# runs vsftpd in standalone mode
listen=YES
# listens on this port for incoming FTP connections
listen_port=60021
# the minimum port to allocate for PASV style data connections
pasv_min_port=62222
# the maximum port to allocate for PASV style data connections
pasv_max_port=63333
# controls whether PORT style data connections use port 20 (ftp-data)
connect_from_port_20=YES
# the umask for file creation
local_umask=022
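An added example, not part of the original post: vsftpd.conf(5) allows only comment lines starting with # and option=value lines with no space around the =, so a comment that wraps onto a second line when the file is pasted becomes an invalid directive and vsftpd refuses to start. The function below (its name is an assumption of this example) reports such lines before the daemon is started.

```shell
#!/bin/sh
# Added example, not from the original post. lint_vsftpd_conf is a
# hypothetical helper; the rules it checks are those of vsftpd.conf(5).

# lint_vsftpd_conf FILE
# Prints every offending line as FILE:LINE: reason: text and returns
# non-zero if at least one was found.
lint_vsftpd_conf() {
    awk '
        function report(msg) {
            printf "%s:%d: %s: %s\n", FILENAME, NR, msg, $0
            bad = 1
        }
        /^#/ || /^[ \t]*$/ { next }     # comment or blank line
        !/=/      { report("not a comment and no \"=\""); next }
        /^=/      { report("missing option name"); next }
        /^[^=]*=$/ { report("missing value"); next }
        # space before "=", right after it, or at the end of the line
        /^[^=]*[ \t]/ || /^[^=]*=[ \t]/ || /[ \t]$/ {
            report("whitespace around option, = or value")
        }
        END { exit bad + 0 }
    ' "$1"
}

# Usage: sh thisfile /etc/vsftpd/vsftpd-virtual.conf
if [ "$#" -eq 1 ]; then
    lint_vsftpd_conf "$1"
fi
```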
4. Creation of home directories
Create each user's home directory in /var/www/virtual, and change the owner of the directory to the user `ftp':
# mkdir /var/www/virtual/mary
# chown ftp:ftp /var/www/virtual/mary
5. Startup of VSFTPD and test
Now we can start VSFTPD by the command:
# /usr/sbin/vsftpd /etc/vsftpd/vsftpd-virtual.conf
and test the FTP access of a virtual user:
# lftp -u mary -p 60021 192.168.1.101
The virtual user should have full access to his directory.
Great tutorial, but if the ftp server is up and running, how can I add and delete users?
This is fairly easy:
1. Redo some things of step 2:
Update the plain text file `virtual-users.txt' you did before with the usernames and passwords on alternating lines:
mary
123456
jack
654321
mynewuser
162534
Then execute again the following command to create the actual database:
# db_load -T -t hash -f virtual-users.txt /etc/vsftpd/virtual-users.db
Redo the step 4 for the new user folder:
# mkdir /var/www/virtual/mynewuser
# chown ftp:ftp /var/www/virtual/mynewuser
That'll do.
Great howto! Useful for a standalone set up but where can find one where I can set up virtual users and regular accounts all running on port 21? Meaning those with shell access and those without shell access can both use an ftp client on port 21.
I use pair networks and I have ftp access for my shell account and can set up virtual ftp accounts all on port 21.
I'd like to know the same thing... How do I set up vsftpd so that regular users (those in /etc/passwd) AND virtual users have access? Thx, B.
Excellent. Did it in 20 min. with ssl !!!!
Easier than I thought
How do I reset all pertinent config files resulting from previous attempts with other tutorials, in order to try a "pure" version of this one? I'm using centos. I'm not really hopeful that it would really make a difference, as this tutorial sets its own configuration files, so it shouldn't be an issue, I guess. But anyway, if anyone knows about some easier way to do that (get rid of configuration files that may be conflicting), I'd like a lot to know. Thanks.
I get this on debian lenny, when I run "db_load -T -t hash -f vsftpd_users.txt /etc/vsftpd/virtual-users.db":
bash: db_load: command not found
????
yeah I'm getting same error as jacob
bash: db_load: command not found ??? any ideas I'm using ubuntu hardy
doesn't matter I fixed it via using the following command
db4.2_load -T -t hash -f virtual-users.txt /etc/vsftpd/virtual-users.db
I get this error when starting the ftp server:
500 OOPS: could not bind listening IPv4 socket
Can anyone help?
Is there any way to have domain centric authentication ?
So domains example1.com and example2.com will have different users ?
I have followed these instructions Steps 1 through 4. When I try step 5, I get "500 OOPS: missing value in config file for: for each virtual user". I'm using CentOS 5.6. I have removed vsftpd, rebooted and reinstalled. Again, I get the same message when trying to start vsftpd (Step 5). I copied the entire config text from Step 3 without making changes.
Yes, I am a NOOB. Please Advise.
It seems your config file has some error, did you mis-delete the first '#' in the first line below?
# specifies a home directory for each virtual user
user_sub_token=$USER
local_root=/var/www/virtual/$USER
Found the issue - When I copied the configuration from Step 3, there was a return between "specifies a home directory" and "for each virtual user".
Also, on Step 4, I found I needed to use the switch "-p" to create the directory.
Thanks
Hi
it worked for me but how can i combine this with SSL ?
thanks
I want to convert the above virtual ftp users to LDAP user auth. Is it possible? If possible then how ? could it be possible to get the steps to do it.
Note: I have a LDAP server to manage the users and for other systems i use ldap://ldap..com
Anybody could answer me at the earliest......
Thank you, worked like a charm!
I did step by step, but still can't connect from ftp client.
Anyone can help me ?, quoctoan2880@yahoo.com
Thank you very much
500 OOPS: vsftpd: refusing to run with writable root inside chroot()
I'm getting stuck at the end of step two.
auth required pam_userdb.so db=/etc/vsftpd/virtual-users - this does not work for me.
i get error 'bash: auth: command not found...' when i use the above command. anyone can help me?
nd... i got it. i'm such a noob
You should note that on Debian, after an upgrade to Wheezy the configuration above stops working with 'LOGIN failed'.
In Wheezy, vsftpd won't log because the pamd libraries have been moved to a different path.
editing your etc/pam.d/vsftpd and changing the paths should solve the problem :
auth required /lib/i386-linux-gnu/security/pam_userdb.so db=/etc/vsftpd/virtual-users
account required /lib/i386-linux-gnu/security/pam_userdb.so db=/etc/vsftpd/virtual-users
(change the /lib//lib/i386-linux-gnu/security according to your system).
If you can't easily find them :
# sudo apt-get install locate (if you don't already have locate installed)
# sudo updatedb
# locate pam_userdb.so
That one had me searching a whole morning for the reason I couldn't login in with vsftpd anymore, I thought I'd share :)