vsftpd
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| vsftpd [2009/06/12 04:57] – created k2patel | vsftpd [2020/08/10 02:35] (current) – external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 2: | Line 2: | ||
| Very secure, but hard to configure for virtual users and chroot.\\ | Very secure, but hard to configure for virtual users and chroot.\\ | ||
| - | Here i have crack it down one day for my client. | + | Usually virtual user help in hosting environment.\\ |
| + | But it is good to have diff. account on FTP for each person to specific location.\\ | ||
| + | |||
| + | Use configuration below and use the commands specified to create new user / manage users. | ||
| <code bash | / | <code bash | / | ||
| + | # Disable Anonymous login | ||
| + | |||
| anonymous_enable=NO | anonymous_enable=NO | ||
| + | |||
| + | # Controls whether local logins are permitted or not. If enabled, normal user accounts in / | ||
| + | # (or wherever your PAM config references) may be used to log in. | ||
| + | # This must be enable for any non-anonymous login to work, including virtual users. | ||
| + | |||
| local_enable=YES | local_enable=YES | ||
| + | |||
| + | # This controls whether any FTP commands which change the filesystem are allowed or not. (we override later) | ||
| + | |||
| write_enable=NO | write_enable=NO | ||
| + | |||
| + | # by default, virtual users are treated with anonymous (i.e. maximally restricted) privilege. (we override later) | ||
| + | |||
| anon_upload_enable=NO | anon_upload_enable=NO | ||
| + | |||
| + | # When enabled, anonymous users will only be allowed to download files which are world readable | ||
| + | |||
| + | anon_world_readable_only=NO | ||
| + | |||
| + | # If set to YES, anonymous users will be permitted to create new directories (we override later) | ||
| + | |||
| anon_mkdir_write_enable=NO | anon_mkdir_write_enable=NO | ||
| + | |||
| + | # operation other than upload, creation consider as other_write e.g.. overwrite ( we override later) | ||
| anon_other_write_enable=NO | anon_other_write_enable=NO | ||
| + | |||
| + | # define custom pam service for our purpose. | ||
| + | |||
| pam_service_name=ftp | pam_service_name=ftp | ||
| + | |||
| + | # chroot users !! yeah we need this | ||
| + | |||
| chroot_local_user=YES | chroot_local_user=YES | ||
| - | guest_enable=NO | + | |
| + | # Guest enable will separate login from passwd - so you do not need system account to exists. | ||
| + | # need this for standalone authentication. | ||
| + | |||
| + | guest_enable=YES | ||
| + | |||
| + | # where you want to guest user to - generally apache user OR directory owner | ||
| guest_username=www | guest_username=www | ||
| + | |||
| + | # This needed as listen has to be enable for ftp to work | ||
| + | |||
| listen=YES | listen=YES | ||
| + | |||
| + | # Passive port range specification | ||
| + | |||
| pasv_min_port=30000 | pasv_min_port=30000 | ||
| pasv_max_port=30999 | pasv_max_port=30999 | ||
| + | |||
| + | # Location where we override all above options where we need overriding. | ||
| + | |||
| user_config_dir=/ | user_config_dir=/ | ||
| + | |||
| + | # Need this to disable some users from system | ||
| + | |||
| userlist_enable=YES | userlist_enable=YES | ||
| + | |||
| + | # List of the users which is disabled | ||
| + | |||
| userlist_file=/ | userlist_file=/ | ||
| + | |||
| + | # Maximum ftp client at any given moment of time | ||
| + | |||
| + | max_clients=100 | ||
| + | |||
| + | # How many connection from single ip | ||
| + | |||
| + | max_per_ip=10 | ||
| </ | </ | ||
| + | |||
| + | Additional Log options, you would like to add to above config i have added | ||
| + | |||
| + | <code bash> | ||
| + | xferlog_enable=YES | ||
| + | xferlog_std_format=YES | ||
| + | dual_log_enable=YES | ||
| + | log_ftp_protocol=YES | ||
| + | </ | ||
| + | |||
| + | * create directory "/ | ||
| + | * create file "/ | ||
| + | |||
| + | NOTE : now we are overriding all disabled options for each user. (if not you will be denied for anything LOL) | ||
| + | |||
| + | <code bash | / | ||
| + | write_enable=YES | ||
| + | dirlist_enable=YES | ||
| + | download_enable=YES | ||
| + | anon_upload_enable=YES | ||
| + | anon_other_write_enable=YES | ||
| + | anon_mkdir_write_enable=YES | ||
| + | local_root=/ | ||
| + | </ | ||
| + | |||
| + | * create pam auth rule for db4 based database | ||
| <code bash | / | <code bash | / | ||
| Line 27: | Line 115: | ||
| account required / | account required / | ||
| </ | </ | ||
| + | |||
| + | * crate text file with username / password. users.txt | ||
| + | |||
| + | <code bash | / | ||
| + | www | ||
| + | wwwpassword | ||
| + | username2 | ||
| + | password2 | ||
| + | </ | ||
| + | |||
| + | * generate database based on users.txt file | ||
| + | |||
| + | <code bash> | ||
| + | db_load -T -t hash -f logins.txt / | ||
| + | </ | ||
| + | |||
| + | * generate virtual user restriction for second user | ||
| + | |||
| + | <code bash | / | ||
| + | local_root=/ | ||
| + | dirlist_enable=YES | ||
| + | download_enable=YES | ||
| + | write_enable=YES | ||
| + | anon_upload_enable=YES | ||
| + | anon_other_write_enable=YES | ||
| + | anon_mkdir_write_enable=YES | ||
| + | </ | ||
| + | |||
| + | * If you see permission 600 and you have issue with that permission and not able to chmod. try following additional lines. | ||
| + | |||
| + | <code bash | / | ||
| + | chmod_enable=YES | ||
| + | virtual_use_local_privs=YES | ||
| + | </ | ||
| + | |||
| + | NOTE : any change to user setting does not require restart - but new ftp connection needed. | ||
| + | |||
| + | Some use full link : \\ | ||
| + | [[ http:// | ||
| + | |||
| + | DONE | ||
vsftpd.1244782673.txt.gz · Last modified: 2020/08/10 02:29 (external edit)