search
githubEdit

VSFTPD

hashtag
Installation on Ubuntu Server

  • sudo apt-get install vsftpd

hashtag
Configuration

hashtag
Configuration file is in /etc/vsftpd.conf

# Allow local users to log in.
local_enable=YES
#
# Allow Upload
write_enable=YES
# Local user will not be allow to change to a folder different from their home folder
chroot_local_user=YES 
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_list_enable=YES
#This is a security risk because to allow user to logon there's no way to limit that same user from ssh
#If set their shell to /bin/nologin, they will not be able to login FTP

hashtag
Enable virtual users

  • Create system user to map to virtual users: useradd -d /storage/ftproot vftpuser

  • Configuration file: /etc/vsftpd/vsftpd.conf

  • User specific configuration: /etc/vsftpd/userconf/global (different config), if not needed, user folder will be /storage/ftproot/

  • PAM configuration: /etc/pam.d/vsftpd

  • Generating password

    • Using openssl: openssl passwd -1 , then copy generated password to password in this format

  • Permission for ftp root should be

hashtag
Verification

  • sudo systemctl {status | restart | stop | start } vsftpd.service

hashtag
Some Errors

hashtag
Sample Output

hashtag
PAM adding faulty module: pam_pwdfile.so

  • Solution: sudo apt-get install libpam-pwdfile

hashtag
Couldn’t open /etc/securetty: No such file or directory

  • Solution: cp /usr/share/doc/util-linux/examples/securetty /etc/securetty

hashtag
500 OOPS: vsftpd: refusing to run with writable root inside chroot()

  • Reason: This is caused by the fact that the directory of the user you’re connecting to, is write-enabled. In normal chroot() situations, the parent directory needs to be read-only.

  • Solution: Add this to configuration: allow_writeable_chroot=YES

hashtag
Some Management Tasks

hashtag
Generate many accounts with random passwords

  • Generate random password: python3 PasswordGenerator.py (this script is under Programming/Python/Sample Folder)

  • Generate user:plaintextpassword: echo $username":"$passfromabovecommand

  • Generate user:encryptedpassword: echo $username":"$(openssl passwd -1 $passfromabovecommand)

hashtag
Generate folders for many accounts

  • Copy folder of sample account to other account: sudo cp -r $sampleaccount $newaccount

  • Change ownership of folder and files to vftpuser: sudo chown -R vftpuser:vftpuser $newaccount

hashtag
Reference

  • https://www.golinuxcloud.com/configure-ftp-server-auth-users-ad-linux/

  • https://phoenixnap.com/kb/install-ftp-server-on-ubuntu-vsftpd

  • https://www.youtube.com/watch?v=DAFVYbSzCMU

  • https://wiki.gentoo.org/wiki/Vsftpd/AD_Authentication

  • https://techexpert.tips/vsftpd/vsftpd-kerberos-authentication/

  • https://warlord0blog.wordpress.com/2015/08/04/vsftpd-ldap-active-directory-and-virtual-users/

  • https://www.linuxcloudvps.com/blog/setup-virtual-users-in-vsftpd/

  • https://www.programmersought.com/article/30761286278/

PreviousInstallation and ConfigurationNextEmail

Last updated