====== VsFTPD ======

Very secure, but hard to configure for virtual users and chroot.\\
Virtual users are usually helpful in a hosting environment.\\
It is also good to give each person a separate FTP account restricted to a specific location.\\
Use the configuration below, and the commands that follow, to create and manage users.

  # Disable anonymous login
  anonymous_enable=NO
  # Controls whether local logins are permitted or not. If enabled, normal user accounts in /etc/passwd
  # (or wherever your PAM config references) may be used to log in.
  # This must be enabled for any non-anonymous login to work, including virtual users.
  local_enable=YES
  # Controls whether any FTP commands which change the filesystem are allowed or not. (we override later)
  write_enable=NO
  # By default, virtual users are treated with anonymous (i.e. maximally restricted) privilege. (we override later)
  anon_upload_enable=NO
  # When enabled, anonymous users will only be allowed to download files which are world readable
  anon_world_readable_only=NO
  # If set to YES, anonymous users will be permitted to create new directories (we override later)
  anon_mkdir_write_enable=NO
  # Operations other than upload and directory creation count as other_write, e.g. overwrite (we override later)
  anon_other_write_enable=NO
  # Define a custom PAM service for our purpose.
  pam_service_name=ftp
  # chroot users - yes, we need this
  chroot_local_user=YES
  # guest_enable separates FTP logins from /etc/passwd, so no system account needs to exist for each user.
  # Needed for standalone authentication.
  guest_enable=YES
  # The real user that guest logins are mapped to - generally the apache user OR the directory owner
  guest_username=www
  # Needed, as listen has to be enabled for FTP to work
  listen=YES
  # Passive port range specification
  pasv_min_port=30000
  pasv_max_port=30999
  # Directory holding the per-user files that override the options above where needed.
  user_config_dir=/etc/vsftpd/vsftpd_user_conf
  # Needed to deny some system users
  userlist_enable=YES
  # List of the users who are denied
  userlist_file=/etc/vsftpd/denied_users
  # Maximum number of FTP clients at any given moment
  max_clients=100
  # Maximum number of connections from a single IP
  max_per_ip=10

Additional log options you may want to add to the config above (I have added these):

  xferlog_enable=YES
  xferlog_std_format=YES
  dual_log_enable=YES
  log_ftp_protocol=YES

  * Create the directory "/etc/vsftpd/vsftpd_user_conf"
  * Create the file "/etc/vsftpd/vsftpd_user_conf/www"

NOTE: here we override, per user, all the options disabled above. (If not, you will be denied for everything, LOL)

  write_enable=YES
  dirlist_enable=YES
  download_enable=YES
  anon_upload_enable=YES
  anon_other_write_enable=YES
  anon_mkdir_write_enable=YES
  local_root=/var/www/html

  * Create the PAM auth rule for the db4-based database

  auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
  account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

  * Create a text file, users.txt, with user names and passwords on alternating lines.

  www
  wwwpassword
  username2
  password2

  * Generate the database from the users.txt file

  db_load -T -t hash -f users.txt /etc/vsftpd/vsftpd_login.db

  * Generate the virtual user restriction for the second user

  local_root=/var/www/html/xyz.com
  dirlist_enable=YES
  download_enable=YES
  write_enable=YES
  anon_upload_enable=YES
  anon_other_write_enable=YES
  anon_mkdir_write_enable=YES

  * If you see permission 600 on files, have issues with that permission, and are not able to chmod, try the following additional lines.

  chmod_enable=YES
  virtual_use_local_privs=YES

NOTE: a change to a user's settings does not require a restart, but a new FTP connection is needed.

Some useful links:\\
[[ http://kbase.redhat.com/faq/docs/DOC-6202 | user permission fix ]]

DONE
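
The user-creation steps above, collected into one helper. This is an added example, not part of the original page: the function names are hypothetical, keeping users.txt under /etc/vsftpd is an assumption, and the per-user file is named after the login, as with the "www" file above. It also rejects user names that would point outside user_config_dir and keeps the plaintext password file and the database readable by root only.

```shell
#!/bin/sh
# Added example (not from the original page). Paths follow this page;
# users.txt living under /etc/vsftpd is an assumption. Override both for a dry run.
VSFTPD_DIR="${VSFTPD_DIR:-/etc/vsftpd}"
LOGINS="${LOGINS:-$VSFTPD_DIR/users.txt}"

# Reject names that could escape user_config_dir or corrupt the login file.
valid_name() {
    case "$1" in
        ''|.*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# Print the per-user override file for a virtual user confined to directory $1.
render_user_conf() {
    cat <<EOF
local_root=$1
dirlist_enable=YES
download_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES
anon_mkdir_write_enable=YES
EOF
}

# Set or replace a login in the db_load input (name line, then password line).
upsert_login() {   # upsert_login NAME PASSWORD
    tmp=$(mktemp "$LOGINS.XXXXXX") || return 1
    [ -f "$LOGINS" ] && awk -v u="$1" 'NR%2==1{skip=($0==u)} !skip' "$LOGINS" > "$tmp"
    printf '%s\n%s\n' "$1" "$2" >> "$tmp"
    chmod 600 "$tmp" && mv "$tmp" "$LOGINS"   # plaintext passwords: owner only
}

add_vuser() {      # add_vuser NAME PASSWORD LOCAL_ROOT
    valid_name "$1" || { echo "bad user name: $1" >&2; return 1; }
    [ "$(printf '%s' "$2" | wc -l)" -eq 0 ] || { echo "password must be one line" >&2; return 1; }
    case "$3" in /*) ;; *) echo "local_root must be absolute" >&2; return 1 ;; esac
    mkdir -p "$VSFTPD_DIR/vsftpd_user_conf" || return 1
    upsert_login "$1" "$2" || return 1
    render_user_conf "$3" > "$VSFTPD_DIR/vsftpd_user_conf/$1" || return 1
    db_load -T -t hash -f "$LOGINS" "$VSFTPD_DIR/vsftpd_login.db" &&
        chmod 600 "$VSFTPD_DIR/vsftpd_login.db"
}
```

Source the file as root and call, for the second user above, add_vuser username2 password2 /var/www/html/xyz.com.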