vsftpd
This is an old revision of the document!
VsFTPD
Very secure, but hard to configure for virtual users and chroot.
Here i have crack it down one day for my client.
- | /etc/vsftpd/vsftpd.conf
anonymous_enable=NO local_enable=YES write_enable=NO anon_upload_enable=NO anon_mkdir_write_enable=NO anon_other_write_enable=NO pam_service_name=ftp chroot_local_user=YES guest_enable=NO guest_username=www listen=YES pasv_min_port=30000 pasv_max_port=30999 user_config_dir=/etc/vsftpd/vsftpd_user_conf userlist_enable=YES userlist_file=/etc/vsftpd/denied_users
- create directory “/etc/vsftpd/vsftpd_user_conf”
- create file “/etc/vsftpd/vsftpd_user_conf/www”
- | /etc/vsftpd/vsftpd_user_conf/www
write_enable=YES dirlist_enable=YES download_enable=YES local_root=/var/www/html
- create pam auth rule for db4 based database
- | /etc/pam.d/ftp
auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
- crate text file with username / password. users.txt
- | /etc/vsftpd/users.txt
www wwwpassword username2 password2
- generate database based on users.txt file
db_load -T -t hash -f logins.txt /etc/vsftpd/vsftpd_login.db
- generate virtual user restriction for second user
- | /etc/vsftpd/vsftpd_user_conf/username2
local_root=/var/www/html/xyz.com dirlist_enable=YES download_enable=YES write_enable=YES
DONE
vsftpd.1244783180.txt.gz · Last modified: 2020/08/10 02:29 (external edit)
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
