Differences

This shows you the differences between two versions of the page.

--- vsftpd [2009/06/12 05:38] – k2patel
+++ vsftpd [2020/08/10 02:35] (current) – external edit 127.0.0.1
@@ Line 2: / Line 2: @@
 Very secure, but hard to configure for virtual users and chroot.\\
-Here i have crack it down one day for my client.
+Usually virtual user help in hosting environment.\\
+But it is good to have diff. account on FTP for each person to specific location.\\
+Use configuration below and use the commands specified to create new user / manage users.
 <code bash | /etc/vsftpd/vsftpd.conf>
+# Disable Anonymous login
 anonymous_enable=NO
+# Controls whether local logins are permitted or not. If enabled, normal user accounts in /etc/passwd
+# (or wherever your PAM config references) may be used to log in.
+# This must be enable for any non-anonymous login to work, including virtual users.
 local_enable=YES
+# This controls whether any FTP commands which change the filesystem are allowed or not. (we override later)
 write_enable=NO
+# by default, virtual users are treated with anonymous (i.e. maximally restricted) privilege. (we override later)
 anon_upload_enable=NO
+# When enabled, anonymous users will only be allowed to download files which are world readable
+anon_world_readable_only=NO
+# If set to YES, anonymous users will be permitted to create new directories (we override later)
 anon_mkdir_write_enable=NO
+# operation other than upload, creation consider as other_write e.g.. overwrite ( we override later)
 anon_other_write_enable=NO
+# define custom pam service for our purpose.
 pam_service_name=ftp
+# chroot users !! yeah we need this
 chroot_local_user=YES
-guest_enable=NO
+# Guest enable will separate login from passwd - so you do not need system account to exists.
+# need this for standalone authentication.
+guest_enable=YES
+# where you want to guest user to - generally apache user OR directory owner
 guest_username=www
+# This needed as listen has to be enable for ftp to work
 listen=YES
+# Passive port range specification
 pasv_min_port=30000
 pasv_max_port=30999
+# Location where we override all above options where we need overriding.
 user_config_dir=/etc/vsftpd/vsftpd_user_conf
+# Need this to disable some users from system
 userlist_enable=YES
+# List of the users which is disabled
 userlist_file=/etc/vsftpd/denied_users
+# Maximum ftp client at any given moment of time
+max_clients=100
+# How many connection from single ip
+max_per_ip=10
+</code>
+Additional Log options, you would like to add to above config i have added
+<code bash>
+xferlog_enable=YES
+xferlog_std_format=YES
+dual_log_enable=YES
+log_ftp_protocol=YES
 </code>
   * create directory "/etc/vsftpd/vsftpd_user_conf"
   * create file "/etc/vsftpd/vsftpd_user_conf/www"
+NOTE : now we are overriding all disabled options for each user. (if not you will be denied for anything LOL)
 <code bash | /etc/vsftpd/vsftpd_user_conf/www>
@@ Line 30: / Line 103: @@
 dirlist_enable=YES
 download_enable=YES
+anon_upload_enable=YES
+anon_other_write_enable=YES
+anon_mkdir_write_enable=YES
 local_root=/var/www/html
 </code>
@@ Line 62: / Line 138: @@
 download_enable=YES
 write_enable=YES
+anon_upload_enable=YES
+anon_other_write_enable=YES
+anon_mkdir_write_enable=YES
 </code>
-drawback - You still need system user to login, i am finding fix for it.
+  * If you see permission 600 and you have issue with that permission and not able to chmod. try following additional lines.
+<code bash | /etc/vsftpd/vsftpd_user_conf/username2>
+chmod_enable=YES
+virtual_use_local_privs=YES
+</code>
+NOTE : any change to user setting does not require restart - but new ftp connection needed.
+Some use full link : \\
+[[ http://kbase.redhat.com/faq/docs/DOC-6202 | user permission fix ]]
 DONE