Jordan Savant # Software Engineer

FTP SETUP

I set everything up with vsftpd

Install

As root

apt-get install vsftpd libpam-pwdfile

Edit /etc/vsftpd.conf, comment out everything and put this at the bottom:

# CUSTOM FOR EXAMPLE "ACME"

listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
local_root=/home/wwwgeneral/sites/acme_dropbox/acme_dropbox
chroot_local_user=YES
allow_writeable_chroot=YES
hide_ids=YES

# virtual user settings
user_config_dir=/etc/vsftpd_user_conf
guest_enable=YES
virtual_use_local_privs=YES
pam_service_name=vsftpd
nopriv_user=vsftpd
guest_username=vsftpd

# Enable passive mode
pasv_enable=YES
pasv_max_port=12100
pasv_min_port=12000
port_enable=YES
pasv_address=52.22.81.201

This setup lets us create virtual users that each point to a directory under the website dir /home/wwwgeneral/sites/acme_dropbox/acme_dropbox.

Also, the pasv_address IP should be the static IP of the server.

Create the FTP parent user in the www-data group (so apache and the ftp user can edit the same folders)

useradd --home /home/vsftpd --gid www-data -m --shell /bin/false vsftpd

Create a virtual user (first time)

mkdir /etc/vsftpd
htpasswd -cd /etc/vsftpd/ftpd.passwd [username]

Set up the PAM config to use our username/password system

nano /etc/pam.d/vsftpd

Comment out everything in this file and put in the following so our virtual users can log in

auth required pam_pwdfile.so pwdfile /etc/vsftpd/ftpd.passwd
account required pam_permit.so

Virtual user configs will live in /etc/vsftpd_user_conf/ so each user needs a file here, e.g. /etc/vsftpd_user_conf/user1

vim /etc/vsftpd_user_conf/user1

local_root=/home/wwwgeneral/sites/acme_dropbox/acme_dropbox/foobar

Restart FTP

service vsftpd restart

Create additional users

Create the user and password for user2

htpasswd -d /etc/vsftpd/ftpd.passwd user2

Create the config

vim /etc/vsftpd_user_conf/user2

local_root=/home/wwwgeneral/sites/acme_dropbox/acme_dropbox/foobar

Restart

service vsftpd restart

Remove user

vim /etc/vsftpd/ftpd.passwd

Delete the user's line from the file, then remove their config

rm /etc/vsftpd_user_conf/[user]

Restart

service vsftpd restart

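For passwords longer than 8 characters

htpasswd -d stores a crypt() hash, which only uses the first 8 characters of the password. To store an MD5-crypt hash of the full password instead (-c recreates the password file, so leave it off when the file already has users):

htpasswd -c -p -b /etc/vsftpd/ftpd.passwd user1 $(openssl passwd -1 -noverify password)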
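
A quick audit of the files these steps create, as an added example (not part of the original notes): it flags password entries stored as crypt() hashes from htpasswd -d, users whose per-user config is missing or points outside the dropbox directory, and configs left behind after a user was removed. The function names, severity labels and sample data are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit the vsftpd virtual-user files. Prints "<severity> <user> <message>".
audit_vsftpd_users() {
    local passwd_file="$1" conf_dir="$2" base_root="$3" user hash rest root conf
    while IFS=: read -r user hash rest || [ -n "$user" ]; do
        [ -n "$user" ] || continue
        # 13 characters and no leading "$" is traditional crypt() (htpasswd -d):
        # only the first 8 characters of the password are significant.
        if [ -z "$hash" ]; then
            echo "HIGH $user empty password hash"
        elif [ "${#hash}" -eq 13 ] && [ "${hash#\$}" = "$hash" ]; then
            echo "WARN $user DES crypt hash, password truncated to 8 characters"
        fi
        conf="$conf_dir/$user"
        if [ ! -f "$conf" ]; then
            # No per-user file: the global local_root applies to this user.
            echo "WARN $user no per-user config, lands in $base_root"
            continue
        fi
        root=$(sed -n 's/^local_root=//p' "$conf" | tail -n 1)
        case $root in
            */..|*/../*) echo "HIGH $user local_root contains '..': $root" ;;
            "$base_root"/*) ;;  # confined to a subdirectory of the dropbox
            '') echo "WARN $user config sets no local_root, lands in $base_root" ;;
            *) echo "HIGH $user local_root outside $base_root: $root" ;;
        esac
    done < "$passwd_file"
    # Config files left behind after a user was removed from the password file.
    for conf in "$conf_dir"/*; do
        [ -f "$conf" ] || continue
        user=${conf##*/}
        cut -d: -f1 "$passwd_file" | grep -Fxq -- "$user" ||
            echo "INFO $user config exists but no password entry"
    done
}
demo_audit() {  # constructed sample data, not taken from a real server
    local d base=/home/wwwgeneral/sites/acme_dropbox/acme_dropbox
    d=$(mktemp -d) && mkdir "$d/conf"
    printf '%s\n' 'user1:$1$Cnstrct0$AAAAAAAAAAAAAAAAAAAAAA' 'user2:abCONSTRUCTED' \
        'user3:$1$Cnstrct0$BBBBBBBBBBBBBBBBBBBBBB' \
        'user4:$1$Cnstrct0$CCCCCCCCCCCCCCCCCCCCCC' > "$d/ftpd.passwd"
    echo "local_root=$base/foobar" > "$d/conf/user1"
    echo "local_root=$base/foobar" > "$d/conf/user2"
    echo "local_root=/home/wwwgeneral" > "$d/conf/user4"
    echo "local_root=$base/old" > "$d/conf/olduser"
    audit_vsftpd_users "$d/ftpd.passwd" "$d/conf" "$base"
    rm -rf "$d"
}
demo_audit
```

On the server, call audit_vsftpd_users with /etc/vsftpd/ftpd.passwd, /etc/vsftpd_user_conf and the local_root value from /etc/vsftpd.conf.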

PERMISSIONS

We need to make sure folders created under acme_dropbox get the correct permissions.

Since our ftp user and apache are both in www-data, we can set default permissions recursively

setfacl -R -d -m u::rwx acme_dropbox
setfacl -R -d -m g::rwx acme_dropbox