This is an old revision of the document!
Very secure, but hard to configure for virtual users and chroot.
Here i have crack it down one day for my client.
# Disable Anonymous login anonymous_enable=NO # Controls whether local logins are permitted or not. If enabled, normal user accounts in /etc/passwd # (or wherever your PAM config references) may be used to log in. # This must be enable for any non-anonymous login to work, including virtual users. local_enable=YES # This controls whether any FTP commands which change the filesystem are allowed or not. (we override later) write_enable=NO #by default, virtual users are treated with anonymous (i.e. maximally restricted) privilege. (we override later) anon_upload_enable=NO anon_world_readable_only=NO anon_mkdir_write_enable=NO anon_other_write_enable=NO pam_service_name=ftp chroot_local_user=YES guest_enable=YES guest_username=www listen=YES pasv_min_port=30000 pasv_max_port=30999 user_config_dir=/etc/vsftpd/vsftpd_user_conf userlist_enable=YES userlist_file=/etc/vsftpd/denied_users max_clients=100 max_per_ip=10
Additional Log options
xferlog_enable=YES xferlog_std_format=YES dual_log_enable=YES log_ftp_protocol=YES
write_enable=YES dirlist_enable=YES download_enable=YES local_root=/var/www/html
auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
www wwwpassword username2 password2
db_load -T -t hash -f logins.txt /etc/vsftpd/vsftpd_login.db
local_root=/var/www/html/xyz.com dirlist_enable=YES download_enable=YES write_enable=YES
DONE