Creating Virtual Users and Directories in vsftpd

(Ubuntu Platform)

Procedures:
1. Virtual users and authentication.
Use of pam_userdb to authenticate the virtual users. This needs a username and password file in
the db format (a common database format).

# apt-cache search db4

At the time of this writing, the latest version of db4 is db4.7

# apt-get install db4.7-util

2. Create a 'db' format file.

Create a plain text file with the username and password on alternating lines. I have used
ftpusers.txt.

tetaguila
tetaguila
cassielper
cjperez

3. Create the actual database.

# db4.7_load -T -t hash -f ftpusers.txt /etc/ftpusers.db

4. Create a PAM file /etc/pam.d/ftpusers-virtual and add the following lines:

auth required pam_userdb.so db=/etc/ftpusers

account required pam_userdb.so db=/etc/ftpusers

5. Configure vsftpd.conf. Here is what my vsftpd.conf file looks like:

#
# Run standalone? vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
#anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
#activate virtual users
guest_enable=YES
#
#virtual users to use local privs, not anon privs
virtual_use_local_privs=YES
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
#
# You may fully customise the login banner string:
ftpd_banner=Welcome to E-Mac's FTP service.
#
# You may restrict local users to their home directories. See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
chroot_local_user=YES
#
#hides the FTP server user IDs and just display "ftp" in directory listing
hide_ids=YES
#
# This option should be the name of a directory which is empty. Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=ftpusers-virtual
#
#In conjuction with 'local_root'
#specifies a home directory for each virtual user
user_sub_token=$USER
local_root=/var/students/$USER
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
6. Create the user's home directories.

# mkdir /opt/students/tetaguila
# mkdir /opt/students/cassielper

7. Set permissions correctly.

# chmod +w /opt/students/tetaguila
# chmod +w /opt/students/cassielper

8. Restart vsftpd server.

# service vsftpd restart

9. Login.