
Setup Virtual Users and Directories in VSFTPD

 ·  ☕ 2 min read  ·  ✍️ anz007

Install & Config

First, install vsftpd and the PAM password-file module (libpam-pwdfile):

apt-get install vsftpd libpam-pwdfile

Edit /etc/vsftpd.conf

nano /etc/vsftpd.conf

Then paste in the following:

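listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
# Default root for any login without its own file in user_config_dir
local_root=/media/DATA/server/vsftpd
# Confine each login to its local_root
chroot_local_user=YES
# Allow the chroot directory itself to be writable (vsftpd refuses this by default)
allow_writeable_chroot=YES
hide_ids=YES

# Virtual user settings
user_config_dir=/etc/vsftpd/users
guest_enable=YES
virtual_use_local_privs=YES
pam_service_name=vsftpd
nopriv_user=vsftpd
guest_username=vsftpd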

Edit this to your exact needs. The most important part for virtual users is everything after the virtual user settings comment.

Creating User

You can either use a database or htpasswd; I found htpasswd faster and easier to use.

Make a directory to store your users, then create the password file with the first user:

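sudo mkdir /etc/vsftpd
# -c creates the password file; -d stores crypt() hashes (htpasswd limits these passwords to 8 characters)
sudo htpasswd -cd /etc/vsftpd/passwd user1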

To add additional users, just remove the -c (with -c, htpasswd creates a new file and overwrites the existing one):

htpasswd -d /etc/vsftpd/passwd user2

Once your users are created, you can change your PAM config file:

nano /etc/pam.d/vsftpd

Remove everything inside this file and replace it with the following:

# Standard behaviour for ftpd(8).
auth    required        pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed

# Note: vsftpd handles anonymous logins on its own. Do not enable pam_ftp.so.

# Standard pam includes
#@include common-account
#@include common-session
#@include common-auth
#auth   required        pam_shells.so

# Customized login using htpasswd file
auth    required pam_pwdfile.so pwdfile /etc/vsftpd/passwd
account required pam_permit.so

This enables login for the virtual users defined in /etc/vsftpd/passwd and disables login for local users.

Next we need to add a system user for these virtual users to run as. This account has no shell access and is called vsftpd:

useradd --home /home/vsftpd --gid nogroup -m --shell /bin/false vsftpd

The user name must match guest_username=vsftpd in the vsftpd conf file.

Defining Directory Access

The important line here is the following:

user_config_dir=/etc/vsftpd/users

This means that when user1 logs in, vsftpd looks for the following file:

/etc/vsftpd/users/user1

This file uses the same syntax as vsftpd.conf, so you can define a new local_root in it.

In this example we want user1 to have access only to /var/www/website_name1/sub_folder1, so we need to create the per-user config folder named in user_config_dir:

mkdir /etc/vsftpd/users

Now create the user file:

nano /etc/vsftpd/users/user1

Enter the following line:

local_root=/var/www/website_name1/sub_folder1

Now restart vsftpd:

service vsftpd restart

You should now be able to log in as user1, who will only be able to see /var/www/website_name1/sub_folder1 and any folders and files inside it.

That's it. You can now add as many users as you want and limit their access to whatever folder you wish.
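A quick audit of the finished setup, as an added example that is not part of the original post: it checks the password file's permissions, flags crypt() hashes as produced by htpasswd -d, and reports virtual users without a per-user local_root, who would land in the global local_root instead. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the virtual-user layout.
# Usage: audit_vusers <passwd_file> <user_config_dir>
# Prints one finding per line; returns 0 when clean, 1 when anything was found.
audit_vusers() (   # subshell body keeps the variables local
    passwd=$1 confdir=$2 findings=0
    [ -r "$passwd" ] || { echo "ERROR cannot read $passwd"; return 2; }
    # htpasswd creates the file under the caller's umask; the hashes should
    # not be accessible to other local accounts.
    if [ "$(ls -ld -- "$passwd" | cut -c8-10)" != "---" ]; then
        echo "PERMS $passwd is accessible to other users"
        findings=$((findings + 1))
    fi
    while IFS=: read -r user hash rest || [ -n "$user" ]; do
        [ -n "$user" ] || continue
        # 13 characters with no $ prefix is traditional crypt() (htpasswd -d),
        # which only uses the first 8 characters of the password.
        case $hash in
            \$*) ;;
            ?????????????)
                echo "WEAKHASH $user uses crypt() (8-character limit)"
                findings=$((findings + 1)) ;;
        esac
        # With no per-user file, the login falls back to the global local_root.
        root=$(sed -n 's/^local_root=//p' "$confdir/$user" 2>/dev/null | tail -n 1)
        if [ -z "$root" ]; then
            echo "NOROOT $user has no local_root in $confdir/$user"
            findings=$((findings + 1))
        elif [ ! -d "$root" ]; then
            echo "MISSING $user: local_root $root does not exist"
            findings=$((findings + 1))
        fi
    done < "$passwd"
    [ "$findings" -eq 0 ]
)

# Constructed sample data (not real accounts or hashes): user1 is configured
# as on this page, user2 has no per-user file.
make_fixture() {
    d=$(mktemp -d) && mkdir -p "$d/users" "$d/www/site1"
    printf 'user1:XXconstructed\nuser2:$apr1$constructed$hash\n' > "$d/passwd"
    chmod 644 "$d/passwd"
    echo "local_root=$d/www/site1" > "$d/users/user1"
    echo "$d"
}

f=$(make_fixture); audit_vusers "$f/passwd" "$f/users" || true; rm -rf "$f"
```

On the server itself, run it as root with the paths from this page: audit_vusers /etc/vsftpd/passwd /etc/vsftpd/users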
