Table of Contents
We already talked about VSFTPD in this post, where we explained how to configure the service on a Linux CentOS machine, and also in this other post, where we explained how to install and configure a self-signed SSL certificate to secure the connections using the FTPS protocol.
In this article we'll explain how to assign a different home folder / home directory to each FTP user. Here's what we do in detail:
- create two users, respectively called ftp1 and ftp2.
- configure VSFTPD to allow both of them and, while we're there, to deny login attempts from any other users (including root) for security reasons.
- setup the /var/www/ftp1/ home folder for the user ftp1 and the /var/www/ftp2/ home folder for the user ftp2.
Creating the users
Let's start with the easy stuff: creating the ftp1 and ftp2 users.
Type this in your terminal console with an elevated account (or use sudo):
|
1 2 |
> useradd ftp1 > passwd ftp1 |
Choose a strong password and confirm it, then repeat the same process for the ftp2 user.
|
1 2 |
> useradd ftp2 > passwd ftp2 |
Again, choose a (different) strong password, confirm it and you're done.
Configure VSFTPD
Open the VSFTPD configuration file, which should be lying in the following path:
|
1 |
/etc/vsftpd/vsftpd.conf |
And add the following lines:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
# Disable anonymous login anonymous_enable=NO # Enable the userlist userlist_enable=YES # Configure the userlist to act as a whitelist (only allow users who are listed there) userlist_deny=NO # Allow the local users to login to the FTP (if they're in the userlist) local_enable=YES # Allow virtual users to use the same privileges as local users virtual_use_local_privs=YES # Setup the virtual users config folder user_config_dir=/etc/vsftpd/user_config_dir/ |
IMPORTANT: Try to avoid duplicate settings: if some of the above settings are already present in your vsftpd.conf file either comment them out or delete them, or the VSFTPD service will be unable to start.
The above options are quite self-explanatory: we're basically telling VSFTP to allow FTP access only to the local users that we'll put into the user_list file, fetching their configuration from the /user_config_dir/ folder.
Now let's open the /etc/vsftpd/user_list file and add the ftp1 and ftp2 users in the following way:
|
1 2 3 |
# vsftpd userlist ftp1 ftp2 |
Setup the Home Folders
Now that we've allowed those two users to access our FTP server (and closed it to anyone else), the last thing we need to do is to configure their home folder.
To do that, create the /etc/vsftpd/user_config_dir/ folder and create two files with the exact same name of the two users:
|
1 2 3 |
> mkdir /etc/vsftpd/user_config_dir/ > touch /etc/vsftpd/user_config_dir/ftp1 > touch /etc/vsftpd/user_config_dir/ftp2 |
Right after that, edit the ftp1 file in the following way:
|
1 2 |
local_root=/var/www/ftp1 write_enable=YES |
Once done, do the same with the ftp2 file, specifying a different home folder:
|
1 2 |
local_root=/var/www/ftp2 write_enable=YES |
Conclusions
That's it! Now you can create a separate, dedicated home folders for each one of your FTP users.
Remember to add a SSL certificate to your VSFTP server to better secure it and also to shield it against malicious attempts to steal your precious data!
Hi, I followed the instructions above but the second user get the following message when login from filezila:
Comando: USER parking
Resposta: 331 Please specify the password.
Comando: PASS *********
Resposta: 500 OOPS: cannot change directory:/home/parking
user1 works fine.
myname@myhost:/etc$ cat vsftpd.userlist
user1
parking
cat /etc/vsftpd.conf
…
user_config_dir=/etc/vsftpd/user_config_dir/
myname@myhost:/etc/vsftpd/user_config_dir$ ls
user1 parking
myname@myhost:/etc/vsftpd/user_config_dir$ cat parking
local_root=/var/www/html/imageParking
write_enable=YES
What Am I doing wrong?
Assistance welcome.
Hello, it seems like a configuration problem for user #2 (folder /home/parking missing on server, or wrong permissions, or something like that). I would definitely check that.