Setup Virtual FTP user with custom directories in Passive mode

  • Posted on: 2 March 2017
  • By: jmu

I am using AWS for managing my IP address, but the only thing I used on AWS was setting up my FTP port. If you are using AWS but don't know how to set up a port on an Amazon Cloud Server, please check this Stack Answer. I followed the first two steps for setting the FTP port. In this blog, I will give the tutorial step by step, show some errors that I suffered, and provide some links you might be interested in.

Introduction:

  • Install vsftpd and PAM library
  • Set FTP port
  • Edit /etc/vsftpd.conf
  • Create user accounts
  • Create admin account
  • Edit /etc/pam.d/vsftpd
  • Create a local user
  • Restart vsftpd server
  • Set custom directories on command line

OK! LET'S DO IT!

1. Install vsftpd and PAM library

PAM can help us create virtual users without creating a HOME directory.

sudo apt-get install vsftpd libpam-pwdfile

 

2. Set FTP Port

Normally, the server has a default FTP port, which is 21. However, you can change this port number and set it to another one. (Port numbers range from 0 to 65536, but you cannot use them all. See here.) I recommend using a short range for personal or small business use. I found a blog which talks about this in detail: (http://www.jscape.com/blog/bid/80512/Active-v-s-Passive-FTP-Simplified)

If you are not using AWS: Log in as root -> go to /etc/vsftpd.conf -> edit the /etc/vsftpd.conf file -> find the `listen_port=21` line -> change it to `listen_port=2017` (2017 is an example, you can choose another) -> save and close -> restart the vsftpd server: `sudo service vsftpd restart`

If you are using AWS: Log in to the EC2 Dashboard -> Find and open 'Security Groups' under 'NETWORK & SECURITY' in the sidebar menu -> Select the group which has your FTP server -> Find 'Inbound', which is next to 'Description' at the bottom -> Edit -> Add rule -> Add your FTP port number
(REFERENCE: http://stackoverflow.com/questions/7052875/setting-up-ftp-on-amazon-cloud-server)

3. Edit /etc/vsftpd.conf

Back up your original file first

sudo mv /etc/vsftpd.conf /etc/vsftpd.conf.bak

Create a new vsftpd.conf file

sudo nano /etc/vsftpd.conf

Copy and Paste the following lines to your vsftpd.conf file.

listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
nopriv_user=vsftpd
virtual_use_local_privs=YES
guest_enable=YES
user_sub_token=$USER
local_root=/var/www/$USER
chroot_local_user=YES
hide_ids=YES
guest_username=vsftpd
chroot_list_enable=YES
pam_service_name=vsftpd
pasv_enable=YES
pasv_min_port=20017
pasv_max_port=20017
pasv_address=52.246.12.45

A short explanation of these lines: I use 'vsftpd' as the local username for all virtual users. Every FTP user can only access the '/var/www/username' folder (we will have to create the folder later). My FTP port number is '20017' (set here as the passive-mode port through pasv_min_port and pasv_max_port) and the IP of my FTP server is '52.246.12.45'. You can use PASSIVE transfer mode based on this configuration. I added the "chroot_list_enable=YES" line since I will add an admin account later. "chroot_list_enable=YES" means that all virtual users will be confined to their folder EXCEPT the users (e.g. the ADMIN user) listed in /etc/vsftpd.chroot_list.

4. Create user accounts
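Passive mode needs the passive port range reachable from outside as well as the control port, so the firewall or security group rule from step 2 has to cover both. The following is an added example, not part of the original post: it reads a vsftpd.conf and lists those ports. The function names and the sample file are assumptions made for the example; the defaults used (listen_port 21, passive ports 0 meaning "any port") are vsftpd's own.

```sh
#!/bin/sh
# Added example (not from the original post): list the inbound TCP ports that
# a vsftpd.conf like the one above needs opened in a firewall or security group.

# conf_get FILE KEY DEFAULT: last KEY=value in FILE, or DEFAULT if unset.
conf_get() {
    v=$(awk -F= -v k="$2" '$1 == k { v = $2 } END { print v }' "$1")
    echo "${v:-$3}"
}

# Prints "control PORT" and "passive MIN-MAX"; returns 1 when the passive
# range is not bounded on both sides (vsftpd default 0 = any port) or reversed.
required_inbound_ports() {
    listen=$(conf_get "$1" listen_port 21)
    min=$(conf_get "$1" pasv_min_port 0)
    max=$(conf_get "$1" pasv_max_port 0)
    echo "control $listen"
    if [ "$min" -eq 0 ] || [ "$max" -eq 0 ]; then
        echo "passive range not bounded: set pasv_min_port and pasv_max_port"
        return 1
    fi
    if [ "$min" -gt "$max" ]; then
        echo "passive range reversed: $min-$max"
        return 1
    fi
    echo "passive $min-$max"
}

# Constructed sample: the passive-mode lines from the configuration above.
sample_conf=$(mktemp)
cat > "$sample_conf" <<'EOF'
listen=YES
pasv_enable=YES
pasv_min_port=20017
pasv_max_port=20017
EOF
required_inbound_ports "$sample_conf"
rm -f "$sample_conf"
```

Run it against /etc/vsftpd.conf and compare the two lines with the inbound rules you created in step 2.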

Create a vsftpd folder where you can put all your personal configuration files.

sudo mkdir /etc/vsftpd

Now we can create users and passwords. '-c' creates a new file if you don't have one.

sudo htpasswd -cd /etc/vsftpd/ftpd.passwd user1

For more users, please use:

sudo htpasswd -d /etc/vsftpd/ftpd.passwd user2
sudo htpasswd -d /etc/vsftpd/ftpd.passwd user3

 

5. Create admin account (OPTIONAL)

We need to create a new user first. Be sure that you won't use this name as a standard virtual user. 

sudo htpasswd -d /etc/vsftpd/ftpd.passwd ftpadmin

THEN, add "ftpadmin" to the /etc/vsftpd.chroot_list file. This means you will be directed to the local user's home directory once you log in with this name.
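Steps 4 and 5 leave two files worth auditing: the password file written by `htpasswd -d` and the chroot exemption list. The following is an added example, not part of the original post: it lists accounts whose hash is in the traditional DES crypt(3) format (which only uses the first 8 characters of a password), accounts that are exempt from the chroot, and whether the password file is accessible to other local users. Function names and the sample data are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not from the original post): audit the password file and
# chroot_list created in steps 4 and 5. File paths are passed as arguments.

# Names whose hash is traditional DES crypt(3): 13 characters from
# [./0-9A-Za-z], no "$id$" prefix. `htpasswd -d` writes this format, and
# DES crypt only uses the first 8 characters of the password.
des_crypt_users() {
    awk -F: '$2 ~ "^[./0-9A-Za-z]+$" && length($2) == 13 { print $1 }' "$1"
}

# Virtual users also named in chroot_list. With chroot_local_user=YES and
# chroot_list_enable=YES these accounts are NOT confined to /var/www/$USER.
unchrooted_users() {
    [ -f "$2" ] || return 0
    awk -F: -v list="$2" '
        BEGIN { while ((getline line < list) > 0) if (line != "") skip[line] = 1 }
        ($1 in skip) { print $1 }' "$1"
}

# Succeeds when "other" has any permission bit on the file.
world_accessible() {
    [ -n "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# Constructed sample data: the hash strings are placeholders, not real hashes.
d=$(mktemp -d)
cat > "$d/ftpd.passwd" <<'EOF'
user1:Zx8mK2pQ.7bLs
user2:$apr1$Qw3rTy9u$PLACEHOLDERplaceholder0
ftpadmin:aB/3dE6gH9jK2
EOF
echo ftpadmin > "$d/vsftpd.chroot_list"
chmod 644 "$d/ftpd.passwd"
echo "DES crypt hashes: $(des_crypt_users "$d/ftpd.passwd" | tr '\n' ' ')"
echo "Not chrooted:     $(unchrooted_users "$d/ftpd.passwd" "$d/vsftpd.chroot_list")"
world_accessible "$d/ftpd.passwd" && echo "ftpd.passwd is accessible to other users"
rm -rf "$d"
```

On a real server, call the functions with /etc/vsftpd/ftpd.passwd and /etc/vsftpd.chroot_list.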

6. Edit /etc/pam.d/vsftpd

I always recommend backing up your original file

sudo mv /etc/pam.d/vsftpd /etc/pam.d/vsftpd.bak

Then, create a new one:

sudo nano /etc/pam.d/vsftpd

Copy and paste the following two lines. I wasted lots of my time on this file and it's so painful. 

auth required pam_pwdfile.so pwdfile /etc/vsftpd/ftpd.passwd
account required pam_permit.so

 

7. Create a local user

We need a local user for virtual users to use.

sudo useradd --home /home/vsftpd --gid nogroup -m --shell /bin/false vsftpd

 

8. Restart vsftpd server

The common way is to use init.d, as with all daemons:

sudo /etc/init.d/vsftpd restart

OR

sudo service vsftpd restart

 

9. Set custom directories on command line

# chroot root for user1: must not be writable
sudo mkdir /var/www/user1
sudo chmod a-w /var/www/user1
# writable area inside the chroot for uploads
sudo mkdir /var/www/user1/ftp
sudo chmod -R 755 /var/www/user1/ftp
sudo chown -R vsftpd:nogroup /var/www/user1

Make sure your root directory doesn't have WRITE permission. Otherwise, you will get a 500 error.
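To confirm the layout after adding users, the following added example (not part of the original post) walks every user directory under a base path and reports a writable chroot root or a missing or read-only ftp/ subdirectory. The function names and the sample tree are assumptions made for the example; it treats any write bit on the root as a problem, which matches what step 9 sets up.

```sh
#!/bin/sh
# Added example (not from the original post): check the step 9 layout for
# every user directory under a base path (the tutorial uses /var/www).

# Succeeds when $1 has any write bit set (owner, group or other).
has_write_bit() {
    [ -n "$(find "$1" -prune \( -perm -200 -o -perm -020 -o -perm -002 \) -print)" ]
}

# Prints one line per problem and returns 1 if any problem was found.
check_ftp_roots() {
    rc=0
    for root in "$1"/*/; do
        [ -d "$root" ] || continue
        root=${root%/}
        if has_write_bit "$root"; then
            echo "$root: chroot root is writable (login fails with a 500 error)"
            rc=1
        fi
        if [ ! -d "$root/ftp" ]; then
            echo "$root: missing ftp/ subdirectory for uploads"
            rc=1
        elif ! has_write_bit "$root/ftp"; then
            echo "$root/ftp: no write bit set, uploads will fail"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample tree: good/ follows step 9, bad/ keeps a writable root.
base=$(mktemp -d)
mkdir -p "$base/good/ftp" "$base/bad"
chmod 755 "$base/good/ftp" "$base/bad"
chmod a-w "$base/good"
check_ftp_roots "$base" || echo "fix the directories listed above"
chmod -R u+w "$base" && rm -rf "$base"
```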

10. Done! Enjoy using your virtual user account!


REFERENCES:

1. Setup VSFTPD with custom multiple directories and (virtual) users accounts on Ubuntu (no database required) - The first and the best tutorial I followed. 

2. How to setup virtual users for vsftpd with access to a specific sub directory?
