This is an old revision of the document!


VsFTPD

Very secure, but hard to configure for virtual users and chroot.
Here is the configuration I worked out one day for a client.

| /etc/vsftpd/vsftpd.conf
# Disable Anonymous login
 
anonymous_enable=NO
 
# Controls whether local logins are permitted or not. If enabled, normal user accounts in /etc/passwd 
# (or wherever your PAM config references) may be used to log in. 
# This must be enabled for any non-anonymous login to work, including virtual users.
 
local_enable=YES
 
# This controls whether any FTP commands which change the filesystem are allowed or not. (we override later)
 
write_enable=NO
 
# By default, virtual users are treated with anonymous (i.e. maximally restricted) privilege. (we override later)
 
anon_upload_enable=NO
 
anon_world_readable_only=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
pam_service_name=ftp
chroot_local_user=YES
guest_enable=YES
guest_username=www
listen=YES
pasv_min_port=30000
pasv_max_port=30999
user_config_dir=/etc/vsftpd/vsftpd_user_conf
userlist_enable=YES
userlist_file=/etc/vsftpd/denied_users
max_clients=100
max_per_ip=10

Additional Log options

xferlog_enable=YES
xferlog_std_format=YES
dual_log_enable=YES
log_ftp_protocol=YES
  • create directory “/etc/vsftpd/vsftpd_user_conf”
  • create file “/etc/vsftpd/vsftpd_user_conf/www”
| /etc/vsftpd/vsftpd_user_conf/www
write_enable=YES
dirlist_enable=YES
download_enable=YES
local_root=/var/www/html
  • create a PAM auth rule for the db4-based database
| /etc/pam.d/ftp
auth    required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
  • create a text file, users.txt, with alternating username and password lines
| /etc/vsftpd/users.txt
www
wwwpassword
username2
password2
  • generate database based on users.txt file
db_load -T -t hash -f /etc/vsftpd/users.txt /etc/vsftpd/vsftpd_login.db
  • create the per-user configuration that restricts the second virtual user
| /etc/vsftpd/vsftpd_user_conf/username2
local_root=/var/www/html/xyz.com
dirlist_enable=YES
download_enable=YES
write_enable=YES

DONE
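
The users.txt and db_load steps above, as an added example that is not part of the original page: a pre-flight check on the alternating username/password file, followed by a database build that leaves the result readable only by its owner. The function names check_userfile and build_login_db are assumptions of this example; the db_load flags are the ones used above.

```sh
#!/bin/sh
# Added example: validate the alternating username/password file
# before loading it with db_load. Function names are hypothetical.

# check_userfile FILE: return 0 if FILE is safe to load, 1 otherwise.
# Problems go to stderr; passwords are never printed.
check_userfile() {
    f=$1
    [ -f "$f" ] || { echo "$f: not a regular file" >&2; return 1; }
    # The file holds plaintext passwords: no group/other permission bits.
    if [ "$(ls -ld "$f" | cut -c5-10)" != "------" ]; then
        echo "$f: accessible by group or others, run chmod 600" >&2
        return 1
    fi
    # db_load -T reads line 1 as key, line 2 as value, and so on, so a
    # blank or missing line breaks the username/password pairing.
    awk '
        /^[ \t]*$/ { printf "line %d: blank line\n", NR; bad = 1; next }
        NR % 2 == 1 {
            if ($0 in seen) { printf "line %d: duplicate user %s\n", NR, $0; bad = 1 }
            seen[$0] = 1
        }
        END {
            if (NR % 2) { print "odd line count: last user has no password"; bad = 1 }
            exit bad + 0
        }
    ' "$f" >&2
}

# build_login_db SRC DB: check SRC, then build DB with owner-only access.
build_login_db() {
    check_userfile "$1" || return 1
    ( umask 077; db_load -T -t hash -f "$1" "$2" ) || return 1
    chmod 600 "$2"
}

# Usage: sh script.sh /etc/vsftpd/users.txt /etc/vsftpd/vsftpd_login.db
if [ "$#" -eq 2 ]; then
    build_login_db "$1" "$2"
fi
```

Once the database is built, PAM reads only vsftpd_login.db, so the plaintext users.txt can be removed or kept readable by root only.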

vsftpd.1244795823.txt.gz · Last modified: 2020/08/10 02:29 (external edit)