Install & Config
First you need vsftpd and PAM installed:
apt-get install vsftpd libpam-pwdfile
Edit /etc/vsftpd.conf
nano /etc/vsftpd.conf
Then paste in the following:
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
local_root=/media/DATA/server/vsftpd
chroot_local_user=YES
allow_writeable_chroot=YES
hide_ids=YES
user_config_dir=/etc/vsftpd/users
guest_enable=YES
virtual_use_local_privs=YES
pam_service_name=vsftpd
nopriv_user=vsftpd
guest_username=vsftpd
Edit to your exact needs. The most important bit for virtual users is everything after the virtual user settings comment.
Creating User
You can either use a database or htpasswd. I found htpasswd faster and easier to use.
Make a directory to store your users:
sudo mkdir /etc/vsftpd
sudo htpasswd -cd /etc/vsftpd/passwd user1
To add additional users, just remove the -c:
htpasswd -d /etc/vsftpd/passwd user2
Once your users are created, you can change your PAM config file:
nano /etc/pam.d/vsftpd
Remove everything inside this file and replace it with the following:
# Standard behaviour for ftpd(8).
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
# Note: vsftpd handles anonymous logins on its own. Do not enable pam_ftp.so.
# Standard pam includes
#@include common-account
#@include common-session
#@include common-auth
#auth required pam_shells.so
# Customized login using htpasswd file
auth required pam_pwdfile.so pwdfile /etc/vsftpd/passwd
account required pam_permit.so
This will enable login for your virtual users defined in /etc/vsftpd/passwd and will disable local users.
Next we need to add a user for these virtual users to use. This user will be called vsftpd and will not have access to the shell:
useradd --home /home/vsftpd --gid nogroup -m --shell /bin/false vsftpd
The user must match guest_username=vsftpd in the vsftpd conf file.
Defining Directory Access
The important line here is the following:
user_config_dir=/etc/vsftpd/users
This means that when user1 logs in, vsftpd will look for the following file:
/etc/vsftpd/users/user1
This file uses the same format as vsftpd.conf, so you can define a new local_root in it.
Going back to the question, we want user1 to only have access to /var/www/website_name1/sub_folder1, so we need to create the user_config_dir folder:
mkdir /etc/vsftpd/users
Now create the user file:
nano /etc/vsftpd/users/user1
and enter the following line:
local_root=/var/www/website_name1/sub_folder1
Now restart vsftpd:
service vsftpd restart
You should now be able to log in as user1, who will only be able to see /var/www/website_name1/sub_folder1 and any folder and file inside it.
That's it. You can now add as many users as you want and limit their access to whatever folder you wish.
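A sanity check for the setup above, added here as an example (it is not part of the original answer): it walks the htpasswd file and reports virtual users that have no file in user_config_dir (they fall back to the global local_root), whose local_root is missing, or whose hash is the classic crypt() format written by htpasswd -d, which only uses the first 8 characters of the password. The function names audit_vusers and demo are hypothetical, and the sample users and hashes are constructed.

```shell
#!/bin/sh
# Added example: audit vsftpd virtual users (not from the original page).
# usage: audit_vusers PASSWD_FILE USER_CONFIG_DIR
# Prints "<user> <finding>" per problem; prints nothing when all is well.
audit_vusers() {
    passwd_file=$1
    conf_dir=$2
    while IFS=: read -r user hash _; do
        [ -n "$user" ] || continue
        # htpasswd -d writes classic crypt(3) DES: 13 chars, no "$id$" prefix.
        # DES crypt only uses the first 8 characters of the password.
        case $hash in
            \$*) ;;
            *) if [ "${#hash}" -eq 13 ]; then echo "$user des-crypt-hash"; fi ;;
        esac
        conf=$conf_dir/$user
        if [ ! -f "$conf" ]; then
            # No per-user file: the global local_root from vsftpd.conf applies.
            echo "$user no-user-config"
            continue
        fi
        root=$(sed -n 's/^local_root=//p' "$conf" | tail -n 1)
        if [ -z "$root" ]; then
            echo "$user no-local_root"
        elif [ ! -d "$root" ]; then
            echo "$user local_root-missing"
        fi
    done < "$passwd_file"
}

# Constructed sample data in a temp directory (hashes are made up).
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/users" "$t/www/website_name1/sub_folder1"
    printf '%s\n' 'user1:abJnggxhB/yWI' \
        'user2:$apr1$constrct$0000000000000000000000' \
        'user3:$apr1$constrct$1111111111111111111111' > "$t/passwd"
    echo "local_root=$t/www/website_name1/sub_folder1" > "$t/users/user1"
    echo "local_root=$t/www/missing" > "$t/users/user3"
    audit_vusers "$t/passwd" "$t/users"
    rm -rf "$t"
}
demo
```

On a real system, call it as audit_vusers /etc/vsftpd/passwd /etc/vsftpd/users with enough privilege to read both.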