vsftpd - FTP Server

Server configuration - vsftpd.conf

The vsftpd FTP server is configured with a config file, usually found under /etc/vsftpd/vsftpd.conf.

See the example config for a secure FTP service:

#
# standard settings:
# disable anonymous, enable local users
# use vsftpd as non privileged user
#
anonymous_enable=NO
local_enable=YES
write_enable=YES
xferlog_enable=YES
 
 
userlist_deny=NO
userlist_enable=YES
chroot_local_user=YES
 
#
# per user configs go here
#
user_config_dir=/etc/vsftpd/vsftpd_user_conf
 
#
# set umask --> results in 755
#
local_umask=022
 
 
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd.log
 
# If you want, you can have your log file in standard ftpd xferlog format
xferlog_std_format=NO

Note: with this configuration (userlist_deny=NO / userlist_enable=YES) the meaning of vsftpd.user_list is reversed. It becomes an allow list: no user is allowed to connect to FTP by default, and each user has to be added to vsftpd.user_list explicitly.

Configure SELinux

setsebool -P ftp_home_dir on

Adding FTP users

Note: the user account referenced below must already exist on the system; see HowTo create a local user (with ssh/ftp access) for details.

  1. Create an entry in the file /etc/vsftpd/user_list
    1. The username must be entered into the file
  2. Create a config file for the user under /etc/vsftpd/vsftpd_user_conf/:
    1. The file name is the same as the username
  3. Restart vsftpd: service vsftpd restart

Example config file:

local_root=/home/www/example/
local_umask=002

Config to create files with mode 775 (file_open_mode 0777 masked by local_umask 002):

local_root=/data/www/shop/
file_open_mode=0777
local_umask=002
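
The three steps above, together with the example per-user config, as a shell helper. This is an added example, not part of the original wiki page; the function name add_ftp_user and the VSFTPD_DIR override are assumptions, while the file locations are the ones used on this page.

```shell
#!/bin/sh
# VSFTPD_DIR (assumed override) lets the helper be tried on a scratch directory.
VSFTPD_DIR="${VSFTPD_DIR:-/etc/vsftpd}"

# add_ftp_user USER LOCAL_ROOT [UMASK]
add_ftp_user() {
    user=$1 root=$2 mask=${3:-002}
    list="$VSFTPD_DIR/user_list"
    conf_dir="$VSFTPD_DIR/vsftpd_user_conf"

    # The username becomes a file name below, so refuse anything that could
    # escape conf_dir or smuggle extra lines into user_list.
    case $user in
        ''|.*|-*|*[!A-Za-z0-9_.-]*) echo "invalid username: $user" >&2; return 2 ;;
    esac
    # local_root must be absolute and must not carry characters (newlines,
    # spaces) that would inject further options into the per-user config.
    case $root in
        ''|[!/]*|*[!A-Za-z0-9_./-]*) echo "invalid local_root: $root" >&2; return 2 ;;
    esac
    case $mask in
        [0-7][0-7][0-7]) ;;
        *) echo "invalid umask: $mask" >&2; return 2 ;;
    esac
    # The account must already exist on the system.
    id -u "$user" >/dev/null 2>&1 || { echo "no such account: $user" >&2; return 1; }

    mkdir -p "$conf_dir" || return 1
    # Step 1: allow-list entry, added only once (exact whole-line match).
    touch "$list" || return 1
    grep -qxF -- "$user" "$list" || printf '%s\n' "$user" >>"$list"

    # Step 2: per-user config named after the user, not writable by others.
    ( umask 022
      printf 'local_root=%s\nlocal_umask=%s\n' "$root" "$mask" >"$conf_dir/$user" )
}

# Step 3 stays manual so that a batch of users needs only one restart:
#   service vsftpd restart
```

Run it as root against the real /etc/vsftpd, for example add_ftp_user exampleuser /home/www/example/ (exampleuser is a placeholder account name).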

Logging

In order to log all FTP access to the server we have to either set xferlog_std_format to NO, comment the line with a hash mark (#), or delete the line entirely.
# If you want, you can have your log file in standard ftpd xferlog format
#xferlog_std_format=YES
  • By default the log file is named xferlog.
  • You can change this to vsftpd.log with the following configuration:
# You may override where the log file goes if you like. The default is shown
# below.
xferlog_file=/var/log/vsftpd.log
  • Check the log with the tail command (use the path set in xferlog_file if you changed it):
tail -n 100 /var/log/xferlog

Exclude a user from chroot

Configuration within /etc/vsftpd/vsftpd.conf

chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list

Within /etc/vsftpd/chroot_list

# If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot
myuser_to_exclude
/srv/wiki.niwos.com/data/pages/linux/applications/vsftpd.txt · Last modified: 2012/10/15 15:49 by niwo