Chroot vsftpd with non-system users

A quick and easy way to set up a chroot vsftpd with non-system users.

Here you can:

  1. Configure vsftpd to use ftp virtual users.
  2. Administer your ftp virtual users through some bash scripts.

Do not name your virtual users the same as your system users.
These scripts will delete your system users' accounts if you do so!


yum -y install vsftpd db4-utils



Just after installing the vsftpd package, run one of the following scripts to configure your ftp server.



Do a basic ftp virtual user configuration without TLS. Here USER and PASS are sent in cleartext and are readable over the wire.

Do a basic ftp virtual user configuration with TLS. Here USER and PASS are encrypted and are unreadable over the wire.

If you are offering ftp service across the Internet you probably want to try the script. Don't you? :)


Once your vsftpd is configured you can use the following scripts to administer the ftp virtual users:



Add a new ftp virtual user (requires vsftpd_virtualuser_config.tpl).

Update ftp virtual user information.

Remove ftp virtual user (CAUTION!: and all its related data).

Retrieve ftp virtual user information.

Additionally, you can prevent an ftp virtual user from logging in to vsftpd by denying its account. You can do this when you create a new ftp virtual user or when you update an existing one.
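The warning at the top of this page, that a virtual user named like a system user will cost you the system account, can be enforced with a pre-flight check run before any add or remove operation. This is an added example, not one of the page's scripts; the function names, the constructed passwd sample and the allowed-character rule are assumptions.

```shell
#!/bin/sh
# Added example, not one of the page's scripts. All names are hypothetical.
LC_ALL=C; export LC_ALL   # make a-z in patterns mean ASCII only

# Constructed sample in passwd(5) format so the example runs offline.
# On a real server, check against /etc/passwd instead.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
alice:x:500:500::/home/alice:/bin/bash'

# is_system_user NAME PASSWD_FILE: exact match on the first field,
# so "ali" does not match "alice".
is_system_user() {
    awk -F: -v u="$1" '$1 == u { found = 1 } END { exit !found }' "$2"
}

# is_valid_vuser_name NAME
# Assumption: the name is reused in per-user file and directory paths,
# so only a conservative character set (max 32 chars) is accepted.
is_valid_vuser_name() {
    case "$1" in
        ''|[!a-z_]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# check_vuser NAME PASSWD_FILE
# Returns 0 if safe, 1 on a system-account collision, 2 on a bad name.
check_vuser() {
    if ! is_valid_vuser_name "$1"; then
        echo "REJECT '$1': invalid characters or length"; return 2
    fi
    if is_system_user "$1" "$2"; then
        echo "REJECT '$1': collides with a system account"; return 1
    fi
    echo "OK '$1'"
}

demo() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_PASSWD" > "$tmp"
    for name in alice ali ftp '../etc' webupload; do
        check_vuser "$name" "$tmp" || true
    done
    rm -f "$tmp"
}
demo
```

Call check_vuser with the candidate name and /etc/passwd, and only proceed to the add or remove script when it returns 0.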


In order for this configuration to work, you'll need to open the ftp command port on the server side:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

and if you can't transfer data with the default configuration rules, then the ftp data transfer port range should be opened on the server side too:

-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 64000:65535 -j ACCEPT

NOTE: This work is based on HowTos/Chroot_Vsftpd_with_non-system_users

HowTos/Chroot Vsftpd with non-system users (last edited 2011-01-25 10:32:59 by AlanBartlett)