Easy vsFTPD – FTP server with virtual users on Debian 8 Jessie

 In Dedicated, VPS, Web

First things first. Update your Debian System:

# apt-get update && apt-get upgrade

If you don’t have Apache2 webserver or if you are using NGINX, you will have to install apache2-utils which is needed to generate passwords for the users.

# apt-get install apache2-utils

Install the vsftpd service:

# apt-get install vsftpd libpam-pwdfile

Edit the vsftpd configuration file and uncomment the bellow lines. Use vim or nano. The lines that are not present in the conf file, put them at the bottom.

# vim /etc/vsftpd.conf

listen=YES
listen_ipv6=NO
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
nopriv_user=vsftpd
chroot_local_user=YES
allow_writeable_chroot=yes
guest_username=vsftpd
virtual_use_local_privs=YES
guest_enable=YES
user_sub_token=$USER
local_root=/var/www/$USER
hide_ids=YES

# Exclude this if you are doing this guide on your own private server
seccomp_sandbox=NO 

Next, we should modify our /etc/pam.d/vsftpd file to check the users/passwords file that we are about to create.

First, create a backup of the file and then edit the existing one:

# cp /etc/pam.d/vsftpd{,.bak}

# vim /etc/pam.d/vsftpd

Remove everything from the file and add these lines instead:

auth required pam_pwdfile.so pwdfile /etc/ftpd.passwd
account required pam_permit.so

Create the main user that will be used by the virtual users to authenticate:

# useradd --home /home/vsftpd --gid nogroup -m --shell /bin/false vsftpd

Once that is done we can create our users/passwords file.
Note: The passwords used by this method can be up to 8 characters long. If you wish vsftpd to read stronger passwords you might want to search for a different pam module.

# htpasswd -cd /etc/ftpd.passwd hhtest1

Add another user and append it to the ftpd.passwd file. The -c flag is omitted here.

# htpasswd -d /etc/ftpd.passwd hhtest2

Next, add the directories for the users since vsftpd will not create them automatically.

## For hhtest1
# mkdir /var/www/hhtest1
# chown vsftpd:nogroup /var/www/hhtest1
# chmod +w /var/www/hhtest1

## For hhtest2
# mkdir /var/www/hhtest2
# chown vsftpd:nogroup /var/www/hhtest2
# chmod +w /var/www/hhtest2

Finally, start the vsftp daemon and set it to automatically start on system boot.

# systemctl start vsftpd && systemctl enable vsftpd

Check the status to make sure the service is started:

# systemctl status vsftpd
● vsftpd.service - vsftpd FTP server
Loaded: loaded (/lib/systemd/system/vsftpd.service; enabled)
Active: active (running) since Sat 2016-12-03 11:07:30 CST; 23min ago
Main PID: 5316 (vsftpd)
CGroup: /system.slice/vsftpd.service
├─5316 /usr/sbin/vsftpd /etc/vsftpd.conf
├─5455 /usr/sbin/vsftpd /etc/vsftpd.conf
└─5457 /usr/sbin/vsftpd /etc/vsftpd.conf

Test your setup

Use FileZilla or WinSCP to login to your system using the users and passwords that you created previously.
Create a test directory and a test file from the clients.
On the server check that the files are successfully created with:

# ls -l /var/www/hhtest1
# ls -l /var/www/hhtest2

 

Recommended Posts

Start typing and press Enter to search