How to create an FTP Linux server where users have access only to specific directories using VSFTPD Linux CLI

This is a detailed reference guide on how to create an FTP Linux server where users have access only to specific directories using VSFTPD.

1. Install vsftpd, libpam-pwdfile and apache2

Omit the apache2 part if this is already installed.

apt-get install vsftpd libpam-pwdfile apache2 

2. Edit vsftpd.conf

2.1 Make a backup of the file vsftpd.conf

mv /etc/vsftpd.conf /etc/vsftpd.conf.bak

2.2 Edit the file /etc/vsftpd.conf

nano /etc/vsftpd.conf

2.3 Remove any existing configuration and add only the following

listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
nopriv_user=vsftpd
virtual_use_local_privs=YES
guest_enable=YES
user_sub_token=$USER
local_root=/var/www/$USER
chroot_local_user=YES
hide_ids=YES
guest_username=vsftpd

The chroot_local_user=YES line confines each user to their own directory (the local_root set above, /var/www/$USER) and disables operations outside it.

3. Create users

This will create virtual users stored in a password file. They do not have shell access, meaning they will only have access via FTP.

3.1 Create directory /etc/vsftpd

mkdir /etc/vsftpd

3.2 Create file ftpd.passwd and add the first user

htpasswd -cd /etc/vsftpd/ftpd.passwd user1

3.3 Create additional users (the command differs from above)

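The above command will prompt you for a password. The below command takes the password as its last argument (the -b option; 123 here), which allows you to add additional users with one command. A password given this way is visible on the command line and in the shell history. The -d option used in both commands stores passwords with crypt(), which only uses the first 8 characters of the password.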

htpasswd -db /etc/vsftpd/ftpd.passwd user2 123

4. Edit /etc/pam.d/vsftpd

4.1 Make a backup of the file /etc/pam.d/vsftpd

mv /etc/pam.d/vsftpd /etc/pam.d/vsftpd.bak

4.2 Edit the file /etc/pam.d/vsftpd

nano /etc/pam.d/vsftpd

4.3 Remove any existing configuration and add only the following

auth required pam_pwdfile.so pwdfile /etc/vsftpd/ftpd.passwd
account required pam_permit.so

5. Create a local user without shell access

useradd --home /home/vsftpd --gid nogroup -m --shell /bin/false vsftpd

6. Create a directory to share with all users

mkdir /home/vsftpd/public_share

7. Create directories and mount shared directory

You will need to configure this for each and every user.

7.1 Create directories

mkdir /var/www/user1
chmod -w /var/www/user1
mkdir /var/www/user1/www
chmod -R 755 /var/www/user1/www
chown -R vsftpd:nogroup /var/www/user1

7.2 Mount the shared directory created at step 6

mount --bind /home/vsftpd/public_share /var/www/user1/www

8. Restart vsftpd

service vsftpd restart

9. Test
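
Before connecting with an FTP client, the finished setup can be checked against steps 2.3, 3 and 7.1. The shell function below is an added example, not part of the original guide: it compares the confinement settings in vsftpd.conf with the values given above and verifies that every user in the password file has a non-writable directory under /var/www. The function names and the "no write bit at all" test are this example's own choices; the default paths are the ones used in this guide.

```shell
# Added example, not from the original guide: audit the per-user FTP jail.
# Function names are this example's own; default paths are the guide's.

# Print the last value assigned to KEY ($2) in config file $1 (empty if unset).
conf_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# check_ftp_jail [CONF] [PASSWD_FILE] [WWW_BASE]
# Prints one line per problem and returns the number of problems found.
check_ftp_jail() {
    conf=${1:-/etc/vsftpd.conf}
    pwfile=${2:-/etc/vsftpd/ftpd.passwd}
    base=${3:-/var/www}
    problems=0

    # Settings from step 2.3 that keep the virtual users confined.
    for want in anonymous_enable=NO guest_enable=YES chroot_local_user=YES \
                'user_sub_token=$USER' "local_root=$base/\$USER"; do
        key=${want%%=*}
        got=$(conf_value "$conf" "$key")
        if [ "$got" != "${want#*=}" ]; then
            echo "CONF  $key is '${got:-unset}', expected '${want#*=}'"
            problems=$((problems + 1))
        fi
    done

    # Each user in the password file needs a directory under WWW_BASE with
    # no write bit set, as produced by "chmod -w" in step 7.1. This test is
    # stricter than strictly needed: it flags a write bit for anyone.
    while IFS=: read -r user _hash; do
        [ -n "$user" ] || continue
        dir=$base/$user
        if [ ! -d "$dir" ]; then
            echo "USER  $user has no directory $dir"
            problems=$((problems + 1))
        else
            case $(stat -c %A "$dir") in
                *w*) echo "PERM  $dir is writable: $(stat -c %A "$dir")"
                     problems=$((problems + 1)) ;;
            esac
        fi
    done < "$pwfile"

    return "$problems"
}
```

Run as root with no arguments, check_ftp_jail audits the paths from this guide; a return status of 0 with no output means every check passed.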

Thank you for reading and please feel free to leave any feedback.
