Vsftpd

From campisano.org
Jump to navigation Jump to search

Vsftpd Vademecum

Single user config

/etc/vsftpd.conf

# If enabled, vsftpd will run in standalone mode
listen=YES

listen_port=10021
ftp_data_port=10020
connect_from_port_20=NO

pasv_enable=YES
pasv_min_port=12000
pasv_max_port=12010

# Controls whether anonymous logins are permitted or not
anonymous_enable=NO

# If enabled, all non-anonymous logins are classed as "guest" logins.
guest_enable=NO

# Controls whether local logins are permitted or not.
local_enable=YES

# When enabled, all FTP requests and responses are logged, providing the option xferlog_std_format is not enabled. Useful for debugging.
log_ftp_protocol=YES

# If set to YES, local users will be (by default) placed in a chroot() jail in their home directory after login.
chroot_local_user=YES

# This controls whether any FTP commands which change the filesystem are allowed or not.
write_enable=YES

# If enabled, a log file will be maintained detailling uploads and downloads.
xferlog_enable=YES

# If activated, files and directories starting with . will be shown in directory listings
force_dot_files=YES

Multiple user config

dependences

apt-get install libpam-pwdfile apache2-utils
usermod -d /srv/domain www-data


/etc/vsftpd.conf

# If enabled, vsftpd will run in standalone mode
listen=YES

listen_port=10021
ftp_data_port=10020
connect_from_port_20=NO

pasv_enable=YES
pasv_min_port=12000
pasv_max_port=12010

# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO

nopriv_user=ftp

# Uncomment this to allow local users to log in.
local_enable=YES
write_enable=YES
local_umask=002
chroot_local_user=YES
user_sub_token=$USER
local_root=/srv/domain/$USER

# If enabled, all non-anonymous logins are classed as "guest" logins.
guest_enable=YES
guest_username=www-data
virtual_use_local_privs=YES
hide_ids=YES

syslog_enable=YES
log_ftp_protocol=NO

# Activate logging of uploads/downloads.
xferlog_enable=NO

# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd

/etc/pam.d/vsftpd

# PAM configuration file for vsftpd

auth	required	pam_pwdfile.so pwdfile /etc/vsftpd.passwd
account	required	pam_permit.so

Enable ftp users

htpasswd -c /etc/vsftpd.passwd ${USERNAME}