We already talked about VSFTPD in this post, where we explained how to configure the service on a Linux CentOS machine, and also in this other post, where we explained how to install and configure a self-signed SSL certificate to secure the connections using the FTPS protocol.
In this article we’ll explain how to assign a different home folder / home directory to each FTP user. Here’s what we do in detail:
- create two users, respectively called ftp1 and ftp2.
- configure VSFTPD to allow both of them and, while we’re there, to deny login attempts from any other users (including root) for security reasons.
- setup the /var/www/ftp1/ home folder for the user ftp1 and the /var/www/ftp2/ home folder for the user ftp2.
Creating the users
Let’s start with the easy stuff: creating the ftp1 and ftp2 users.
Type this in your terminal console with an elevated account (or use sudo):
> useradd ftp1
> passwd ftp1
Choose a strong password and confirm it, then repeat the same process for the ftp2 user.
> useradd ftp2
> passwd ftp2
Again, choose a (different) strong password, confirm it and you’re done.
Open the VSFTPD configuration file, which should be lying in the following path:
And add the following lines:
# Disable anonymous login
# Enable the userlist
# Configure the userlist to act as a whitelist (only allow users who are listed there)
# Allow the local users to login to the FTP (if they're in the userlist)
# Allow virtual users to use the same privileges as local users
# Setup the virtual users config folder
IMPORTANT: Try to avoid duplicate settings: if some of the above settings are already present in your vsftpd.conf file either comment them out or delete them, or the VSFTPD service will be unable to start.
The above options are quite self-explanatory: we’re basically telling VSFTP to allow FTP access only to the local users that we’ll put into the user_list file, fetching their configuration from the /user_config_dir/ folder.
Now let’s open the /etc/vsftpd/user_list file and add the ftp1 and ftp2 users in the following way:
# vsftpd userlist
Setup the Home Folders
Now that we’ve allowed those two users to access our FTP server (and closed it to anyone else), the last thing we need to do is to configure their home folder.
To do that, create the /etc/vsftpd/user_config_dir/ folder and create two files with the exact same name of the two users:
> mkdir /etc/vsftpd/user_config_dir/
> touch /etc/vsftpd/user_config_dir/ftp1
> touch /etc/vsftpd/user_config_dir/ftp2
Right after that, edit the ftp1 file in the following way:
Once done, do the same with the ftp2 file, specifying a different home folder:
That’s it! Now you can create a separate, dedicated home folders for each one of your FTP users.
Remember to add a SSL certificate to your VSFTP server to better secure it and also to shield it against malicious attempts to steal your precious data!