Chroot vsftpd with non-system users
A quick and easy way to setup a chroot Vsftpd with non-system users.
Here you can:
- Configure vsftpd to use ftp virtual users.
- Administer your ftp virtual users through some bash scripts.
|
Warning: |
|
1. Installation
yum -y vsftpd db4-utils
2. Configuration
2.1. Server
Just after install vsftpd package, run one of the following scripts to configure your ftp server.
Script |
Description |
|
Do a basic ftp virtual user configuration without TLS. Here USER and PASS go readable over the wire. |
||
Do a basic ftp virtual user configuration with TLS. Here USER and PASS go unreadable over the wire. |
||
If you are offering ftp service across Internet you probably want to try the vsftpd_virtual_config_withTLS.sh script. Don't you ? 
2.2. Users
Once your vsftpd is configured you can use the following scripts to administer the ftp virtual users:
Script |
Description |
|
Add a new ftp virtual user ( requires vsftpd_virtualuser_config.tpl ). |
||
Update ftp virtual user information. |
||
Remove ftp virtual user (CAUTION!: and all its related data). |
||
Retrieve ftp virtual user information. |
||
Additionally, you can prevent an ftp virtual user from login to the vsftpd by denying its account. You can do this when you create a new ftp virtual user or when you update an existent one.
3. Firewall
In order for this configuration to work, you'll need to open, in the server side, the ftp command port:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
and if you can't transfer data with default configuration rules, then the ftp data transfer range of ports should be opened, in the server side, too:
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 64000:65535 -j ACCEPT
NOTE: This work is based on HowTos/Chroot_Vsftpd_with_non-system_users