Installing vsftpd using text file for virtual users

Notice

This tutorial is for older Debian versions and may not work for current versions. Please refer to the links below to find a newer tutorial.

vsftpd is a secure, fast and stable FTP server. In this tutorial we’ll install the server and make it check in a flat text file for virtual users allowed to login.

1. Install required packages

apt-get install vsftpd libpam-pwdfile

2. Configure vsftpd (pico /etc/vsftpd.conf)

Edit these variables in the config file and leave everything else with the default value.

anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
nopriv_user=vsftpd
virtual_use_local_privs=YES
guest_enable=YES
user_sub_token=$USER
local_root=/var/www/$USER
chroot_local_user=YES
hide_ids=YES
guest_username=vsftpd

Set the local_root to the parent directory where the user’s home directories are located

3. Configure PAM to check the passwd file for users (pico /etc/pam.d/vsftpd)

auth required pam_pwdfile.so pwdfile /etc/ftpd.passwd
account required pam_permit.so

Make sure you remove everything else from the file

4. Create the passwd file containing the users

htpasswd -c /etc/ftpd.passwd user1

You can later add additional users to the file like this:

htpasswd /etc/ftpd.passwd user2

5. Create a local user that’s used by the virtual users to authenticate

useradd --home /home/vsftpd --gid nogroup -m --shell /bin/false vsftpd

6. Restart vsftpd

/etc/init.d/vsftpd restart

7. Create user’s home directory since vsftpd doesn’t do it automatically

mkdir /var/www/user1
chown vsftpd:nogroup /var/www/user1

12 comments

  1. Amazing tutorial! Very simple, clear, and best of all, ACCURATE.

    I have been trying different tutorials for hours now, and all of them were missing critical steps, such as setting up a local user, or setting permissions for the var/www/user1 folder.

    I didn’t think it would be so hard to remember all the steps and put them in a tutorial…. But apparently it is very difficult!

    Thank you, thank you, and thank you! You are one in a million!

  2. One minor change that finally got it working for me. Add /bin/false to /etc/shells to make it a valid login shell for your virtual user.

  3. If you use Ubuntu Server 12.04 LTS you need to use the -d in htpasswd since newer versions seems to use MD5 instead of Crypt that was default before.

    Example to create a new ftpd.passwd file:
    htpasswd -cd /etc/ftpd.passwd user1

    Example of adding a new user to an existing ftpd.passwd file:
    htpasswd -d /etc/ftpd.passwd user2

  4. i cant login no matter what i try.
    already added users without password.

    always get :FAIL LOGIN in the log

  5. Malte, make sure you really have removed all the content of /etc/pam.d/vsftpd before you add the two lines (auth and account) to it! I had an really hard time getting the login to work but that solved it for me :)

  6. First, thanks for the ‘how-to’ – Excellent and clear to follow. I couldn’t get the “security” update to work by changing vsftpd.conf. But I was able to get it to work by adding a sub-folder to the root folder in step 7 with these changes. Make user1 unwriteable, make uploads writable. Minor nuisance, but it works.

    mkdir /var/www/user1
    mkdir /var/www/user1/uploads
    chown -R vsftpd:nogroup /var/www/user1
    chmod a-w /var/www/user1

  7. Ditto and ditto! Super clear instructions. Newbie in both linux and raaspberry, but managed is setting up raspian server from a Slitaz machine via ssh only.
    Saw the same problems mentioned in comments, and solved them the same way.
    Thnks to writer and commenteers for a great tutorial!!
    /Pete

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>