Howto: Easy FTP with vsftpd


epimeteo
August 5th, 2007, 05:52 PM
I like vsftpd (http://freshmeat.net/projects/vsftpd/). It's very very simple to configure.

Now let's get to the point.

Installation
sudo apt-get install vsftpd
This installs ssl-cert, openssl and vsftpd, only with anonymous login and just for downloads from a jailed /home/ftp/.

Configuration

Make a copy of the original configuration file. It is very well commented. Keep a copy to have the original settings and comments, just in case.
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.original
Now edit the file /etc/vsftpd.conf and change its settings as follows.

Basic Setup

To disable anonymous login and to enable local users login and give them write permissions:
# No anonymous login
anonymous_enable=NO
# Let local users login
# If you connect from the internet with local users, you should enable TLS/SSL/FTPS
local_enable=YES

# Write permissions
write_enable=YES
NOTE: It is not advisable to use FTP without TLS/SSL/FTPS over the internet because the FTP protocol does not encrypt passwords. If you do need to transfer files over FTP, consider the use of virtual users (same system users but with non system passwords) or TLS/SSL/FTPS (see below).

To chroot users

To jail/chroot users (not the vsftpd service), there are three choices. Search for "chroot_local_users" on the file and consider one of the following:
# 1. All users are jailed by default:
chroot_local_user=YES
chroot_list_enable=NO

# 2. Just some users are jailed:
chroot_local_user=NO
chroot_list_enable=YES
# Create the file /etc/vsftpd.chroot_list with a list of the jailed users.

# 3. Just some users are "free":
chroot_local_user=YES
chroot_list_enable=YES
# Create the file /etc/vsftpd.chroot_list with a list of the "free" users.

To deny (or allow) just some users to login

To deny some users to login, add the following options in the end of the file:
# userlist_deny is only examined when userlist_enable is on.
userlist_enable=YES
userlist_deny=YES
userlist_file=/etc/vsftpd.denied_users
In the file /etc/vsftpd.denied_users add the username of the users that can't login. One username per line.

To allow just some users to login:
userlist_deny=NO
userlist_enable=YES
userlist_file=/etc/vsftpd.allowed_users
In the file /etc/vsftpd.allowed_users add the username of the users that can login.

The not allowed users will get an error that they can't login before they type their password.

TLS/SSL/FTPS

NOTE: you definitely have to use this if you connect from the Internet.

To use vsftpd with encryption (it's safer), change or add the following options (some options aren't on the original config file, so add them):
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
# Filezilla uses port 21 if you don't set any port
# in Servertype "FTPES - FTP over explicit TLS/SSL"
# Port 990 is the default used for FTPS protocol.
# Uncomment it if you want/have to use port 990.
#listen_port=990
No need to create a certificate. vsftpd uses the certificate Ubuntu creates upon its installation, the "snake-oil" certificate (openssl package, installed by default). Please don't be afraid of its name! :)

Install Filezilla (on the repositories), and use the Servertype "FTPES - FTP over explicit TLS/SSL" option to connect to the server with TLS/SSL/FTPS.

Additional Options

Here are some other available options. The values are examples:
# Show hidden files and the "." and ".." folders.
# Useful to not write over hidden files:
force_dot_files=YES

# Hide the info about the owner (user and group) of the files.
hide_ids=YES

# Connection limit for each IP:
max_per_ip=2

# Maximum number of clients:
max_clients=20
Apply new configuration settings

Don't forget that to apply new configurations, you must restart the vsftpd service.
sudo /etc/init.d/vsftpd restart
Webmin Module

For those who use webadmin, there is a module for VSFTPD here http://www.webmin.com/third.html.

Firewall Problems

If you find problems when connecting, set pasv_min_port and pasv_max_port in /etc/vsftpd.conf and allow outbound connections in the ports you set in your firewall.
pasv_min_port=12000
pasv_max_port=12100

Virtual users with TLS/SSL/FTPS and a common upload directory - Complicated vsftpd

Virtual users are users that do not exist on the system - they are not in /etc/passwd, do not have a home directory on the system, can not login but in vsftpd - or if they do exist, they can login in vsftpd with a non system password - security.

You can set different definitions to each virtual user, granting to each of these users different permissions. If TLS/SSL/FTPS and virtual users are enabled, the level of security of your vsftpd server is increased: encrypted passwords, with passwords that are not used on the system, and users that can't access directly to their home directory (if you want).

The following example is based and adapted on the example (ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.0.5/EXAMPLE/VIRTUAL_USERS/README) for virtual users in vsftpd site, on documentation and the very good examples in this forum that can be found here (http://ubuntuforums.org/showpost.php?p=3497743&postcount=1) and here (http://ubuntuforums.org/showpost.php?p=867795&postcount=9).

From the FAQ (ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.0.5/FAQ) in vsftpd site:
Note - currently there is a restriction that with guest_enable enabled, local
users also get mapped to guest_username.
This is a polite way to say that if the default vsftpd PAM file is used, the system users will be guests too. To avoid confusions change the PAM file used by vsftpd to authenticate only virtual users, make all vsftpd users as virtual users and set their passwords, home and permissions based on this example.

The workshop

This is an example for a work directory where various virtual users can save (upload) their work - in this case it will be /home/work, that must be owned by the guest_username (workers).

Create the system user (workers) and the work directory (/home/work) to be used by the virtual users in vsftpd where they will upload their work in it:
# Don't use -m (--create-home) option. This avoids creating a home
# directory based on /etc/skel (.bash* and .profile files).
sudo useradd -d /home/work workers
sudo mkdir /home/work
sudo chown workers /home/work
Create directories to save the virtual users definitions.
sudo mkdir /etc/vsftpd
sudo mkdir /etc/vsftpd/vusers
Change the PAM authentication in vsftpd.conf and create a new PAM file that uses the pam_userdb module to provide authentication for the virtual users.

If you still didn't do it, make a backup copy of your vsftpd.conf or make a backup copy of the default one (it is a very good starting point and it is very well commented, as I previously wrote).

Edit the default /etc/vsftpd.conf:
sudo nano /etc/vsftpd.conf
Change the line anonymous=YES, uncomment local_enable=YES and change pam_service_name=vsftpd:
# Disable anonymous_enable is optional.
anonymous_enable=NO
...
local_enable=YES
...
pam_service_name=ftp
Then add the TLS/SSL/FTPS definitions (from above) in the end of the file and after it also add:
# Enable (only) guests.
guest_enable=YES
# This is not needed, it's the default. Just here for clarity.
guest_username=ftp
# Where the guests (virtual) usernames are set.
user_config_dir=/etc/vsftpd/vusers
The default settings in vsftpd.conf are restricted just for anonymous user that can download from /home/ftp, are chrooted there and can't upload nor create directories. Virtual users are treated as anonymous users by vsftpd. We have disabled anonymous logins, enabled local_users (virtual users in this case, authenticated by the PAM file we will create) and enabled guests (local users - guests - will be virtual users).

The rest of the options are the default ones, so nobody can upload and because we set guest_enable=YES, if a username exists and has an empty username file, it will be treated as an anonymous user ("ftp" user). We added the TLS/SSL/FTPS so no cleartext passwords are used in the connections.

Now you will override the vsftpd.conf settings for each username individually with files in the directory /etc/vsftpd/vusers which was set in "user_config_dir=" option. Let's continue.

Create the new file /etc/pam.d/ftp for the new authentication system:
sudo nano /etc/pam.d/ftp
And add the following content:
auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
Create a file with the virtual usernames and passwords that can login (one line for username, one line for password and so on for all the users) and call it "logins.txt":
mike
password1
sarah
password2
Install libdb3-util, create the login database with the file logins.txt and restrict permissions to the database:
sudo apt-get install libdb3-util
sudo db3_load -T -t hash -f logins.txt /etc/vsftpd/vsftpd_login.db
sudo chmod 600 /etc/vsftpd/vsftpd_login.db
# This is not safe, you should delete this file.
sudo chmod 600 logins.txt
Create a file for the workers settings (mike and sarah on logins.txt):
sudo nano /etc/vsftpd/workers
Add the new definitions for these users (remember that virtual users are treated as anonymous users by default on vsftpd, default anonymous settings are set on /etc/vsftpd.conf):
write_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_upload_enable=YES
local_root=/home/work
chroot_local_user=YES
dirlist_enable=YES
download_enable=YES
guest_username=workers
Link this file to the workers usernames in /etc/vsftpd/vusers/, so that any change made at /etc/vsftpd/workers is applied to all workers (after you restart vsftpd).
sudo ln -s /etc/vsftpd/workers /etc/vsftpd/vusers/mike
sudo ln -s /etc/vsftpd/workers /etc/vsftpd/vusers/sarah
If this was supposed to be for web development, you would add this directory in apache, make it an available site and enable it as an enabled website.

Restart vsftpd.

System users as a virtual user with non-system password

The next example file for one user, like a system user. Add his username and a password - not the system one please, just to be a little bit safer - in logins.txt and repeat the db3_load command. Create a file named after his username inside /etc/vsftpd/vusers/:
sudo nano /etc/vsftpd/vusers/user
And save the following in it:
write_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_upload_enable=YES
chroot_local_user=YES
# change /home/user to the actual user home directory.
local_root=/home/user
dirlist_enable=YES
download_enable=YES
guest_username=user
As you can see, guest_username is important because it will be the user that owns the uploaded files on the directories owned by the guest_username and only files owned by this guest_username can be deleted by him (if you allow it). If you don't set a guest_username, then the "ftp" user will be used (default in /etc/vsftpd.conf). If you create an empty file of a username present in /etc/vsftpd/vsftpd_login.db (logins.txt), this user will only have the permissions set to anonymous users in /etc/vsftpd.conf, his default home directory will be /home/ftp/ and the owner of the files he uploads (if you allow him and the directory is owned by ftp) will be "ftp".

Only usernames in both /etc/vsftpd/vsftpd_login.db (logins.txt) AND with a file in /etc/vsftpd/vusers/ can login. So, the username can't login if:
- If a file exists in /etc/vsftpd/vusers/ but the username is not in /etc/vsftpd/vsftpd_login.db (logins.txt) - you can add filenames that aren't on the database, no harm done.
- If the username is in /etc/vsftpd/vsftpd_login.db (logins.txt) but does not exist in /etc/vsftpd/vusers/ - you can disable logins, just (re)move/rename the file(s) and/or link(s).
Restart vsftpd.

EDIT1: removed SFTP reference in TLS/SSL/FTPS section
EDIT2: added virtual users configuration.
EDIT3: added allow/deny userlist.
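
An added example, not part of the original post: a small Python checker for the TLS and user-list options the howto sets, reporting combinations that weaken the server (SSLv2/SSLv3 switched on, a user list that is configured but not enforced, the default snake-oil certificate). The two sample configurations are constructed, and the certificate path in the hardened one is a placeholder.

```python
"""Check a vsftpd.conf for TLS and user-list pitfalls (added example)."""

# Compiled-in defaults from vsftpd.conf(5) for the options read below.
DEFAULTS = {
    "anonymous_enable": "YES", "local_enable": "NO", "ssl_enable": "NO",
    "ssl_sslv2": "NO", "ssl_sslv3": "NO",
    "force_local_logins_ssl": "YES", "force_local_data_ssl": "YES",
    "userlist_enable": "NO",
}

# Constructed sample: the howto's TLS block plus a deny list that was
# never switched on with userlist_enable.
WEAK_CONF = """\
anonymous_enable=NO
local_enable=YES
write_enable=YES
userlist_deny=YES
userlist_file=/etc/vsftpd.denied_users
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
"""

# Constructed sample: the same server with the findings addressed.
# The certificate path is a placeholder, not a file the howto creates.
HARDENED_CONF = """\
anonymous_enable=NO
local_enable=YES
write_enable=YES
userlist_enable=YES
userlist_deny=YES
userlist_file=/etc/vsftpd.denied_users
ssl_enable=YES
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/ssl/certs/ftp.example.org.pem
"""


def parse_conf(text):
    """Return explicitly set options; a later line overrides an earlier one."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key] = value
    return settings


def audit(text):
    """Return a list of (option, finding) pairs for one configuration."""
    explicit = parse_conf(text)

    def on(option):
        # Treat YES, TRUE and 1 as enabled; fall back to the default.
        return explicit.get(option, DEFAULTS[option]).upper() in ("YES", "TRUE", "1")

    findings = []
    if on("anonymous_enable"):
        findings.append(("anonymous_enable", "anonymous login is on (the compiled-in default)"))
    if on("local_enable") and not on("ssl_enable"):
        findings.append(("ssl_enable", "local logins without TLS send passwords in cleartext"))
    if on("ssl_enable"):
        for proto in ("ssl_sslv2", "ssl_sslv3"):
            if on(proto):
                findings.append((proto, "obsolete protocol enabled; keep only ssl_tlsv1"))
        for force in ("force_local_logins_ssl", "force_local_data_ssl"):
            if not on(force):
                findings.append((force, "clients may use an unencrypted channel"))
    list_configured = "userlist_deny" in explicit or "userlist_file" in explicit
    if list_configured and not on("userlist_enable"):
        findings.append(("userlist_enable", "user list is configured but not enforced"))
    if "snakeoil" in explicit.get("rsa_cert_file", ""):
        findings.append(("rsa_cert_file", "default self-signed certificate; clients cannot verify the server"))
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name)
        for option, finding in audit(conf) or [("-", "no findings")]:
            print(f"  {option}: {finding}")
```

To check a real server, pass the contents of /etc/vsftpd.conf to audit().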

frodon
August 6th, 2007, 12:59 PM
Here is the link of the outdated vsftpd tutorial just for the record :
http://ubuntuforums.org/showthread.php?t=91887

Thanks for this up to date guide ;)

chadlewis
August 6th, 2007, 01:14 PM
Oh awesome. I spent about two hours yesterday trying to get FTP working on my new vonbox/ubuntu server, with no luck. I'll have to give this a shot tonight and post the results. Thanks!

KubuntuKilledMe
August 7th, 2007, 01:01 PM
I've used vsftpd for 2 years and never had a problem.

motionsiren
August 7th, 2007, 04:00 PM
I enjoy vsftpd but i've been having one hell of time getting it to work with accounts through NIS. Can someone please add to these wonderfully straight forward directions; setting up vsftpd with NIS? I understand it's more about PAM talking to NIS in general but vsftpd is the only app that requires this (for me) as sshd works just fine for me, right out of the box. This is a total bummer. My NIS Master is FreeBSD 6, if that makes any difference.

epimeteo
August 8th, 2007, 07:57 AM
Thank you all for finding this howto useful.

I've made it some months ago (in Portuguese) just to make the installation of a FTP server for common use in Ubuntu as painless as it can be.

Motionsiren, I've never used PAM and NIS. On vsftpd FAQ (ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.0.5/FAQ) it says:

"If you are not using PAM, then vsftpd will do its own check for a valid user shell in /etc/shells. You may need to disable this if you use an invalid shell to disable logins other than FTP logins. Put check_shell=NO in your /etc/vsftpd.conf."

Don't know if this helps you in any way.

I'll be glad to add your findings to the howto.

The howto is very simple (it was its objective) and it could be improved with some more functions.

Cheers.

ungluun
August 9th, 2007, 06:57 AM
My vsftpd is running but I can't figure out how I can share specific folders...

I'd like to share these folders:

/media/hda1/HL
/media/sda1/#MP3

How can I do this?

Thanks!

ungluun
August 9th, 2007, 03:46 PM
Is this even possible with vsftpd

epimeteo
August 9th, 2007, 05:38 PM
I'd like to share these folders:

/media/hda1/HL
/media/sda1/#MP3

How can I do this?



Hi ungluun,

I suppose you want a "mp3" user for this. If it is, the simplest way to do it is to create a user which its home folder in /media/sda1/MP3:

sudo groupadd mp3
sudo useradd -c "FTP mp3" -d /media/sda1/MP3 -g mp3 mp3

Set his password:

sudo passwd mp3

And restart vsftpd:

sudo /etc/init.d/vsftpd restart

If you have all users chrooted, it will work with no more changes.

Hope this works for you. :)

ungluun
August 11th, 2007, 07:57 AM
Hi,

That solution works only for one folder..

Windows has many ftp servers. In almost all of them you can simply add folders you'd like to share. How is this done in vsftpd?



I'd like to create virtual paths to those folders. So that every user on my ftp can access those directories.
I think I could do this by mounting the dirs (with fstab) under my ftp folder, but that's a weird solution, no? :(

epimeteo
August 11th, 2007, 08:25 AM
It's not that odd, I think.

Check the vsftpd FAQ (ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.0.5/FAQ) (2nd question).

It's how vsftpd works with folders outside chroot users folders. As an example here is how to do it:

http://www.ducea.com/2006/07/27/allowing-ftp-access-to-files-outside-the-home-directory-chroot/

I don't know any other way to do it, sorry.

ungluun
August 12th, 2007, 11:13 AM
That approach did the trick :), thanks!

But it leads me to another problem: file permissions

My ftp users are able to upload (write).
But they should only be able to read these folders:
/home/ftp/HL
/home/ftp/#MP3

With my current configuration they are able to delete and write files in the those folders.

I don't want to chmod 755 these folders because I still want to be able to write in these folders as pc user (not ftp).

How do I solve this problem :confused:

ungluun
August 12th, 2007, 07:56 PM
Or how do I create a user that can only read:
/home/ftp/HL
/home/ftp/#mp3

And another user that can only upload in /home/ftp/upload

:confused:

epimeteo
August 12th, 2007, 08:31 PM
That should be simple to do. You should enable write permissions to users (all) with:

write_enable=YES

but disable write permission to anonymous with:

anon_upload_enable=NO

NOTE: if you DO enable anonymous to write/upload files, you should change the default owner of those files (for security reasons) with:

chown_uploads=YES
chown_username=some_username_with_write_permission_on_the_directory

epimeteo
August 12th, 2007, 08:43 PM
Another note:

If you want to add certain setting to individual users, create a directory that will have the settings of those users:

sudo mkdir /etc/vsftpd_user_conf

Edit vsftp configuration file to read that directory:

sudo nano /etc/vsftpd.conf

and set the user_config_dir variable (non-existent in the default configuration file) to read that directory:

user_config_dir=/etc/vsftpd_user_conf

Inside the /etc/vsftpd_user_conf directory, create a file named with the username of the "exception" user and set the variables/options that you want him/them to have as exceptions to the default configuration. For various users, various files, each one with different settings if you want.

Don't forget to restart vsftp each time you change its configuration

sudo /etc/init.d/vsftpd restart

moon2js
September 25th, 2007, 12:03 PM
Does anyone know an easy way to keep track of your vsftpd, so that I know when people have uploaded files (or connected)? Ideally, I'd just like a terminal window showing ftp activity.

epimeteo
September 27th, 2007, 04:20 PM
Hi moojs,

you can track vsftpd activity on the usual place, in the /var/log/ directory in the vsftpd.log file.
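
An added example, not part of the original reply: a Python summariser for /var/log/vsftpd.log that lists logins and transfers and flags clients with repeated failed logins. It assumes xferlog_enable=YES and vsftpd's native log format (with xferlog_std_format=YES the file uses the wu-ftpd xferlog layout and these patterns will not match); the sample lines are constructed.

```python
"""Summarise vsftpd.log activity and flag repeated failed logins (added example)."""
import re
from collections import Counter, defaultdict

# Constructed sample lines in vsftpd's native log format (assumed format).
SAMPLE_LOG = '''\
Tue Sep 25 12:01:10 2007 [pid 4101] CONNECT: Client "192.168.1.20"
Tue Sep 25 12:01:14 2007 [pid 4100] [mike] OK LOGIN: Client "192.168.1.20"
Tue Sep 25 12:02:03 2007 [pid 4102] [mike] OK UPLOAD: Client "192.168.1.20", "/home/work/report.odt", 20480 bytes, 310.55Kbyte/sec
Tue Sep 25 12:05:41 2007 [pid 4110] CONNECT: Client "203.0.113.7"
Tue Sep 25 12:05:44 2007 [pid 4109] [admin] FAIL LOGIN: Client "203.0.113.7"
Tue Sep 25 12:05:49 2007 [pid 4109] [root] FAIL LOGIN: Client "203.0.113.7"
Tue Sep 25 12:05:55 2007 [pid 4109] [mike] FAIL LOGIN: Client "203.0.113.7"
-- constructed line that is not a vsftpd record --
Tue Sep 25 12:10:02 2007 [pid 4120] [sarah] OK LOGIN: Client "192.168.1.31"
Tue Sep 25 12:10:40 2007 [pid 4122] [sarah] OK DOWNLOAD: Client "192.168.1.31", "/home/work/report.odt", 20480 bytes, 512.00Kbyte/sec
'''

LINE_RE = re.compile(
    r'^(?P<time>\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) '  # ctime-style stamp
    r'\[pid (?P<pid>\d+)\] '
    r'(?:\[(?P<user>[^\]]*)\] )?'            # absent on CONNECT lines
    r'(?:(?P<status>OK|FAIL) )?'
    r'(?P<event>[A-Z]+): Client "(?P<client>[^"]*)"'
    r'(?:, "(?P<path>[^"]*)")?'              # present on transfer lines
)


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    match = LINE_RE.match(line)
    return match.groupdict() if match else None


def summarize(log_text, fail_threshold=3):
    """Collect logins, successful transfers and failed-login counts per client."""
    failed = Counter()
    logins = defaultdict(set)
    transfers = []
    skipped = 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1          # keep count instead of silently dropping
            continue
        if rec["event"] == "LOGIN":
            if rec["status"] == "FAIL":
                failed[rec["client"]] += 1
            else:
                logins[rec["user"]].add(rec["client"])
        elif rec["event"] in ("UPLOAD", "DOWNLOAD") and rec["status"] == "OK":
            transfers.append((rec["event"], rec["user"], rec["path"]))
    return {
        "logins": {user: sorted(clients) for user, clients in logins.items()},
        "transfers": transfers,
        "failed_logins": dict(failed),
        "flagged": sorted(c for c, n in failed.items() if n >= fail_threshold),
        "skipped": skipped,
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    for event, user, path in report["transfers"]:
        print(f"{event:8} {user:8} {path}")
    for client in report["flagged"]:
        print(f"repeated failed logins from {client}: {report['failed_logins'][client]}")
```

For a live view in a terminal, `tail -f /var/log/vsftpd.log` shows the same lines as they are written.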

ghostlines
February 15th, 2008, 05:46 PM
I get this error when I try to log in:

ftp: SSL_connect error error:140943FC:SSL routines:SSL3_READ_BYTES:sslv3 alert bad record mac

When I try to connect from a pc on my lan to my server that's also on my lan it works fine with ssl. I'm using filezilla too. But from outside my lan I get that error.

can anyone help me with this plz?

Mike V
February 15th, 2008, 06:24 PM
I have a problem too, I have spent like three days trying to set up vsftpd with little or no success at all. I'm trying to do the following:

user anonymous: read several folders, but dont write anything, I will mount the folders like you explained earlier.
my local user: full access to /home/user name

I reached this configuration so far:
listen=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=NO
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chown_uploads=YES
chown_username=mike
idle_session_timeout=300
data_connection_timeout=120
ftpd_banner=Welcome to Mike's FTP server
chroot_local_user=YES
chroot_list_enable=NO
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
local_root=/home/mike
force_dot_files=YES
hide_ids=YES
max_per_ip=1
max_clients=6
pasv_min_port=1025
pasv_max_port=1125

With this I can connect locally (ftp localhost) and it works, but right now I'm not in my home and I can't access the server; it says connection refused. The connection is working because I can see my page and access my box via ssh and scp. Any advice? Am I doing something wrong?

Thnx in advance folks

stock1232
February 17th, 2008, 02:13 PM
epimeteo

I followed your howto ftp with vsftpd. When i use filezilla i can log in until i get this
Response: 425 security: Bad IP Connecting
Error: Failed to retrieve directory listings

Assuming I followed your directions, why would I get this error?

Thanks

blx_286
February 22nd, 2008, 12:56 PM
Thank you for the tutorial. I was wanting to know if you could help further with my setup. I am trying to setup a corporate ftp for project collaboration and this server will not use anonymous logins. I have followed your tutorial and I chose the option to chroot all users and setup virtual users.

This is what I was considering:

ProjectFolder1 - download only folder for multiple client group access
ProjectFolder2 - download only folder for multiple client group access
ClientFolder1 - upload/down folder for specific client
ClientFolder2 - upload/down folder for specific client
Uploads - an uploads only folder for any authorized users

I would like to create 2 system users to administer this box. I would like to know how to give users Admin1 and Admin2 upload/download and add/delete file access to all of these folders?
Also Is there a way to restrict the uploads folder to uploading only without viewing the contents of the folder?

Thanks,
Tim

jdawson
April 23rd, 2008, 03:54 PM
Hello, I have followed this tutorial and managed to get vsftpd up and running using FTP over explicit TLS/SSL, however, the third party connecting to it have demanded we use implicit! I cannot find any howtos on the Internet. Could someone please advise? Thank you

epimeteo
April 25th, 2008, 12:18 AM
Hi jdawson,

did you try

listen_port=990

in your vsftpd.conf? (I can't test it at the moment)

clayton@a-k-a.net
April 29th, 2008, 03:45 PM
I am fairly new to Linux, though I am computer savvy and technically inclined. I have a lot of experience working with Windows, and have set up many other FTP servers.

Having said that, spending 16-20 hours working to set up "the best" ftp server available for this system is getting ridiculous. To answer the first question, yes I've restarted the service.

I primarily use web browsers to access ftp sites, but I've also installed Filezilla.

For starters, with the initial setup it is my understanding that an anon user can connect to the site to download files only. I have included a file in the directory /home/ftp, but I cannot see it when I access the site via a web browser (FF, IE6, IE7).

Do a little digging, I get told I need to share that folder. So I share it... no success.

Then I decide it doesn't matter what an anon user can see because I need to secure this site. So I tailor the config file appropriately:
# Example config file /etc/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
#
# Run standalone? vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# Run standalone with IPv6?
# Like the listen parameter, except vsftpd will listen on an IPv6 socket
# instead of an IPv4 one. This parameter and the listen parameter are mutually
# exclusive.
#listen_ipv6=YES
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# Activate logging of uploads/downloads.
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# You may override where the log file goes if you like. The default is shown
# below.
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
# Filezilla uses port 21 if you don't set any port
# in Servertype "FTPES - FTP over explicit TLS/SSL"
# Port 990 is the default used for FTPS protocol.
# Uncomment it if you want/have to use port 990.
listen_port=990
#xferlog_file=/var/log/vsftpd.log
#
# If you want, you can have your log file in standard ftpd xferlog format
#xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
#idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=yoda
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES
#ascii_download_enable=YES
#
# You may fully customise the login banner string:
ftpd_banner=Welcome to the AKA FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
# (default follows)
#banned_email_file=/etc/vsftpd.banned_emails
#
# You may restrict local users to their home directories. See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
chroot_local_user=YES
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_list_enable=NO
# (default follows)
#chroot_list_file=/etc/vsftpd.chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
ls_recurse_enable=YES
#
#
# Debian customization
#
# Some of vsftpd's settings don't fit the Debian filesystem layout by
# default. These settings are more Debian-friendly.
#
# This option should be the name of a directory which is empty. Also, the
# directory should not be writable by the ftp user. This directory is used
# as a secure chroot() jail at times vsftpd does not require filesystem
# access.
secure_chroot_dir=/var/run/vsftpd
#
# This string is the name of the PAM service vsftpd will use.
pam_service_name=vsftpd
#
# This option specifies the location of the RSA certificate to use for SSL
# encrypted connections.
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
# This option specifies the location of the RSA key to use for SSL
# encrypted connections.
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key

So I'm at the point now where Filezilla is trying to connect. I have everything set up in there right, server type is ftps, UN/PW etc. The error I'm seeing here is it says the connection is established, initializing TLS, and then it tells me it cannot connect. In the web browser I get the authorization screen to enter a UN/PW combo but it does not recognize ANY users I have on the system.

I'm starting to get the overwhelming feeling the issue is with either the TLS/SSL or it's with the users. It's unfortunate there isn't a simple interface to add and remove users, and designate their home folders. I've added the users to the system, I've shared their /home/(user) folder, I've configured the file (to the best of my ability and knowledge) to allow these users to connect, and yet they cannot.

Any help is appreciated! All I want is an FTP server which I can log into, download and upload files. As a forewarning, in order to help me you cannot just say "create xxxxxx.xxx and then add a user to it" I really need the HOW. A step by step, this is how you configure your server, this is what you type into Terminal, to allow this user to connect from a web browser, without any of the overhead technical jargon.

THANK YOU!

rd341p
May 2nd, 2008, 01:35 AM
Hi epimeteo,
To start off, thank you for such a great and well written how-to.
I have followed every step of it and have implemented it as per the how-to, so that I could run a ftp server with vsftpd, ssl and virtual users (also with local users).

I have succeeded to an extent that vsftpd+ssl+localuser work, but with ssl enabled, the virtual users are unable to login :( . If I disable SSL, the same virtual users are able to login with the password :confused:. I really have no clue :confused: as to why this is happening. The only clue I got from the logs is that pam_unix is unable to process the username. Here is the error

========= /var/log/auth.log ====================================
May 1 21:46:09 sshd[22941]: Invalid user foobar from 192.168.2.1
May 1 21:46:09 sshd[22941]: Failed none for invalid user foobar from 192.168.2.1 port 1261 ssh2
May 1 21:46:15 i-softwareproducts sshd[22941]: (pam_unix) check pass; user unknown
May 1 21:46:15 i-softwareproducts sshd[22941]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=localhost
===================================================================

Here is a more info on my install and config:
OS: Ubuntu 7.04
vsftpd: version 2.0.5
installed openssl, ssl-cert and db3-utils

/etc/vsftpd.conf
================
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
#connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
idle_session_timeout=600
data_connection_timeout=120
chroot_local_user=YES
ls_recurse_enable=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=ftp
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
force_dot_files=YES
hide_ids=YES
guest_enable=YES
guest_username=virtual
user_config_dir=/etc/vsftpd/vusers

/etc/pam.d/ftp
==============
auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login

/etc/vsftpd/vusers/foobar
=========================
write_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_upload_enable=YES
local_root=/home/ftpusers
chroot_local_user=YES
dirlist_enable=YES
download_enable=YES
guest_username=virtual


Please help me resolve this.

Thank You

d.j.schroeder
May 2nd, 2008, 07:47 PM
I am in the exact same spot with respect to getting FileZilla to work, that it is it won't with SSL enabled. GoFTP (another client) will work if I use explicit SSL, if I try and use implicit SSL (regardless of which port the vsftpd server listens to) it will not connect. I think FileZilla is expecting implicit to work, frankly so was I. After a few hours of searching I'm thinking that it is not a problem with misconfiguration it is simply that vsftpd doesn't support implicit SSL.

I hope that I'm wrong here and someone can tell me what directives need to be turned on for this to happen.

MAO
May 30th, 2008, 04:38 AM
how to compile http://workaround.org/articles/ispmail-etch/ together and VSFTPd!!!
How to do this:
virtual_users must have access to their folders in virtual_domains,
for example:
user1
user2
user3
....

domain1
domain2
domain3
....

ftp://user1.domain1.com
ftp://user1.domain2.com
ftp://user2.domain3.com
.....

Is something like this possible? If yes, please help me with how.

lordfkiller
June 10th, 2008, 06:34 AM
I want only /media/disk-1/FTP to be available over FTP.
I used sudo useradd -d /media/disk-1/FTP ftpuser
but after logging in with ftpuser, again many more folders are shown (from /)

Any help is appreciated.

DeaDWiZ
August 30th, 2008, 11:13 AM
Hello, first of all the tutorial is great. It helped me a lot :)

But I have a problem. When I go to download files from another computer I get this error:
Could not read from transfer socket: ENOBUFS - Out of memory

I have free RAM so I do not think that is a RAM problem.
$ free -m
             total       used       free     shared    buffers     cached
Mem:           503        380        123          0          2         74
-/+ buffers/cache:        303        200
Swap:          321         78        243

devill
September 16th, 2008, 01:09 PM
I've tried to set up vsftpd with a single virtual user, called transfer. It's working almost perfectly: the user can upload files, delete files, create directories, delete directories, BUT it can't download files, or chmod. Funny, huh? One would expect problems to happen the other way around :) Although if I chmod the file as root to have 666 privileges (instead of 600, which is the default), then the user can download.

I also checked that the file owner is ftp and group is ftp, and the daemon is listening as root, and opens 2 new threads for ftp connection as ftp user.

So... below are my config files, can you tell me what could be the problem?

/etc/vsftpd.conf

listen=YES
anonymous_enable=YES
local_enable=YES
write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
nopriv_user=ftp
secure_chroot_dir=/var/run/vsftpd
pam_service_name=ftp
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
force_dot_files=YES
guest_enable=YES
guest_username=ftp


/etc/vsftpd/vusers/transfer

write_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_upload_enable=YES
local_root=/var/www/ftp.transfer
chroot_local_user=YES
dirlist_enable=YES
download_enable=YES


/etc/pam.d/ftp

auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login
account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login


Also:
$ ls -ld /var/www/ftp.transfer
drwxrwxrwx 3 ftp ftp 4096 Sep 16 16:54 /var/www/ftp.transfer

FTP error when downloading is:
550 Failed to open file

Distro is Hardy, and so I had to install version 4.2 instead of libdb3-util... but I doubt that this could be the problem!

Sid1980
October 8th, 2008, 11:24 PM
sudo apt-get install libdb3-util not working :(

any idea Why ??

hardy-heron

2.6.24-19-server

rickyrockrat
October 9th, 2008, 01:10 AM
It uses db4.6-util
I kept getting "unknown user" until I changed my vsftpd.conf file:

pam_service_name=vsftpd
Which has to match the name used in /etc/pam.d. I was migrating my config to a new server and didn't catch that.

Sheesh.

devill
October 9th, 2008, 02:08 AM
sudo apt-get install libdb3-util not working :(

any idea Why ??

hardy-heron

2.6.24-19-server

In Hardy libdb3 is replaced by version 4... search for it in aptitude.

shankhs
October 10th, 2008, 12:40 PM
I am using vsftpd on my PC and use it as a backup place for all my college work (projects, pics etc.). Everything is running fine, but I want to automate the backup process using a shell script...
Does anybody know the details of the commands that the vsftpd prompt "ftp>" (w/o quotes) takes?
Any help would be appreciated.
Thank you

banditti
October 10th, 2008, 05:19 PM
The libdb doesn't work for me either and I did a search with no results for libdb(anything)-util


Thoughts?

jwg188
October 13th, 2008, 12:35 PM
Try db4.6-util

WilliamThrilliam
February 4th, 2009, 02:00 AM
I see a lot of you are having the same problem I have been having. I could connect internally, but I could not connect externally. So, add this nice little piece to your /etc/vsftpd.conf file:

pasv_enable=YES
pasv_promiscuous=YES
pasv_min_port=50000
pasv_max_port=50100
pasv_address=[your external ip here]

Make sure you forward those pasv_min and max ports from your router.
Make sure you forward ports 20 and 21 from your router.
Make sure "connect_from_port_20=YES" is uncommented (no #).
You don't need "#listen_port=990" so leave it commented.
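
An added example, not part of any post in this thread: a small audit of a vsftpd.conf for settings that appear in the configs posted here and weaken the transport (ssl_sslv2/ssl_sslv3, the snakeoil certificate, pasv_promiscuous=YES, logins without ssl_enable). The function names, the finding labels and the replacement certificate path are assumptions made for the example; the sample config is constructed from lines posted in the thread.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf for weak settings seen in this thread.

# Effective value of a key: the last uncommented "key=value" line wins,
# otherwise the default given as $3 (vsftpd allows no spaces around "=").
conf_get() {
    value=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${value:-$3}"
}

# True when a boolean setting is switched on (YES, TRUE or 1, any case).
is_on() {
    case $(conf_get "$1" "$2" "$3" | tr 'a-z' 'A-Z') in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print a space-separated list of findings; empty output means none.
audit_vsftpd_conf() {
    conf=$1; findings=""
    # Local logins without TLS send the password unencrypted.
    if is_on "$conf" local_enable NO && ! is_on "$conf" ssl_enable NO; then
        findings="$findings cleartext_logins"
    fi
    # SSLv2 and SSLv3 are obsolete protocol versions.
    for proto in ssl_sslv2 ssl_sslv3; do
        if is_on "$conf" "$proto" NO; then findings="$findings $proto"; fi
    done
    # pasv_promiscuous=YES disables the check that the data connection
    # comes from the same IP address as the control connection.
    if is_on "$conf" pasv_promiscuous NO; then
        findings="$findings pasv_promiscuous"
    fi
    # The snakeoil certificate is a self-signed placeholder that clients
    # cannot verify against a trusted CA.
    case $(conf_get "$conf" rsa_cert_file "") in
        *snakeoil*) findings="$findings snakeoil_cert" ;;
    esac
    printf '%s\n' "${findings# }"
}

# Constructed sample: TLS and passive-mode lines as posted in the thread.
sample_weak_conf() {
    cat <<'EOF'
local_enable=YES
ssl_enable=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
pasv_enable=YES
pasv_promiscuous=YES
pasv_min_port=50000
pasv_max_port=50100
EOF
}

# Same file with the findings corrected; the certificate path is a placeholder.
sample_fixed_conf() {
    sample_weak_conf | sed \
        -e 's/^ssl_sslv2=.*/ssl_sslv2=NO/' \
        -e 's/^ssl_sslv3=.*/ssl_sslv3=NO/' \
        -e 's/^pasv_promiscuous=.*/pasv_promiscuous=NO/' \
        -e 's|^rsa_cert_file=.*|rsa_cert_file=/path/to/your-ca-signed-cert.pem|'
}

tmp=$(mktemp)
sample_weak_conf > "$tmp";  echo "weak:  $(audit_vsftpd_conf "$tmp")"
sample_fixed_conf > "$tmp"; echo "fixed: $(audit_vsftpd_conf "$tmp")"
rm -f "$tmp"
```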

ralph1973
February 8th, 2009, 04:55 PM
Hello, thanks for your efforts writing this tutorial. I got stuck at a certain moment: sudo apt-get install libdb3-util
This package isn't available in Hardy LTS. Libdb4 has been installed, but there is no /usr/bin/db* executable. How can I solve this?
Thanks and regards,
Ralph

mahela007
March 9th, 2009, 08:46 AM
Hi. I read the first howto in this thread.
I connect to the internet via a router. Anything special I have to do because of this? I'm a newbie to this kind of stuff so I'm pretty clueless at this point

solveit
March 16th, 2009, 12:00 PM
I am trying to setup vsftpd as an ftp server to eventually move off-site to make backups to, for additional redundancy.

I am having some problems connecting using TLSv1. Filezilla connects fine with standard FTP and gives directory listing correctly. Using FTPES it connects and is authenticated but cannot display directory listing. My setup is as follows:

Virgin Media ISP
Motorola surfboard cable modem
Draytek Vigor 2820
Ubuntu Server 8.1 Intrepid Ibex with vsftpd installed and hopefully configured correctly (standard ftp working fine), currently listening on port 21, but I have also tried changing that to 990, with identical results.
XP Pro PC using Filezilla ftp client

I am connecting to the ftp server using a dyndns address and am forwarding ports 21 and 990 to the local IP of the server.

If someone could point me to what I might be doing wrong, opening additional ports on the router maybe? I would be grateful.

Many Thanks in advance for any assistance!
J

LOG:

Status: Resolving address of ftp.XXX.dnsalias.com
Status: Connecting to 82.43.57.XX:21...
Status: Connection established, waiting for welcome message...
Response: 220 WELCOME TO SOLVE-REMOTE1 FTP SERVER
Command: AUTH TLS
Response: 234 Proceed with negotiation.
Status: Initializing TLS...
Status: Verifying certificate...
Command: USER XXXXXXX
Status: TLS/SSL connection established.
Response: 331 Please specify the password.
Command: PASS **********
Response: 230 Login successful.
Command: SYST
Response: 215 UNIX Type: L8
Command: FEAT
Response: 211-Features:
Response: AUTH SSL
Response: AUTH TLS
Response: EPRT
Response: EPSV
Response: MDTM
Response: PASV
Response: PBSZ
Response: PROT
Response: REST STREAM
Response: SIZE
Response: TVFS
Response: UTF8
Response: 211 End
Command: OPTS UTF8 ON
Response: 200 Always in UTF8 mode.
Command: PBSZ 0
Response: 200 PBSZ set to 0.
Command: PROT P
Response: 200 PROT now Private.
Status: Connected
Status: Retrieving directory listing...
Command: PWD
Response: 257 "/data/REMOTE_BACKUPS"
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Response: 227 Entering Passive Mode (192,168,0,103,48,124)
Status: Server sent passive reply with unroutable address. Using server address instead.
Command: LIST
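
What the log above shows, as an added example that is not part of the original post: the 227 reply carries the server's LAN address and a data port (p1*256+p2) that is not among the ports the post says are forwarded. The script decodes a logged reply and flags both conditions; the function names are assumptions, and the 50000-50100 range is the one suggested earlier in the thread, used here only as an assumed forwarded range.

```shell
#!/bin/sh
# Added example: decode a logged 227 reply and report why a client outside
# the NAT cannot open the data connection.

# Print "<ip> <port>" for a "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
# line; return 1 if the line holds no well-formed reply.
decode_pasv() {
    fields=$(printf '%s\n' "$1" |
        sed -n 's/.*227[^(]*(\([0-9]\{1,3\}\(,[0-9]\{1,3\}\)\{5\}\)).*/\1/p')
    [ -n "$fields" ] || return 1
    old_ifs=$IFS; IFS=,
    set -- $fields
    IFS=$old_ifs
    for n in "$@"; do
        case $n in 0?*) return 1 ;; esac      # leading zero: reject
        [ "$n" -le 255 ] || return 1
    done
    # The port travels as two bytes, high byte first.
    printf '%s.%s.%s.%s %s\n' "$1" "$2" "$3" "$4" "$(( $5 * 256 + $6 ))"
}

# Succeeds when the IPv4 address is not reachable from the internet
# (RFC 1918 private ranges, loopback, link-local).
is_unroutable() {
    case $1 in
        10.*|192.168.*|127.*|169.254.*) return 0 ;;
        172.*)
            second=${1#172.}; second=${second%%.*}
            [ "$second" -ge 16 ] && [ "$second" -le 31 ] ;;
        *) return 1 ;;
    esac
}

# $1: log line, $2/$3: lowest/highest passive port forwarded on the router.
# Prints "<ip>:<port>" followed by the problems found, or "ok".
check_pasv_reply() {
    decoded=$(decode_pasv "$1") || { echo "not-a-227-reply"; return 1; }
    ip=${decoded% *}; port=${decoded#* }
    problems=""
    if is_unroutable "$ip"; then problems="$problems private-address"; fi
    if [ "$port" -lt "$2" ] || [ "$port" -gt "$3" ]; then
        problems="$problems port-outside-forwarded-range"
    fi
    echo "$ip:$port${problems:- ok}"
}

# The reply from the log in the post above.
logged='Response: 227 Entering Passive Mode (192,168,0,103,48,124)'
check_pasv_reply "$logged" 50000 50100
# A constructed reply from a server advertising a public address and a
# port inside the forwarded range.
check_pasv_reply '227 Entering Passive Mode (203,0,113,5,195,90)' 50000 50100
```

FileZilla substitutes the server's public address for the private one, as the log's status line says, so the remaining requirement is that the advertised port falls inside a range the router forwards.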

ipggi
April 3rd, 2009, 09:07 AM
Hello, thanks for your efforts writing this tutorial. I got stuck at a certain moment: sudo apt-get install libdb3-util
This package isn't available in Hardy LTS. Libdb4 has been installed, but there is no /usr/bin/db* executable. How can I solve this?
Thanks and regards,
Ralph

Try this ...

sudo apt-get install db4.3-util

then ...

sudo db4.3_load etc instead of db3_load

tsultana
April 22nd, 2009, 12:53 AM
devill, I have the same problem with the chmod 600 and not being able to download. I have come up with a workaround for it. Use the anon_world_readable_only=NO instruction to allow all files to be readable.

I prefer changing the 600 permissions to 660 but this worked for the moment.

Tony

LiQuidAiR
April 25th, 2009, 10:39 PM
This download is for Intel x86 processor Ubuntu computers.

if you wish to use the db3_load you have to download and run the sudo dpkg -i package-name.deb command.

First - go to and download, http://packages.ubuntu.com/dapper/i386/libdb3/download

go to the directory where the new file is residing and run sudo dpkg -i libdb3_3.2.9-23_i386.deb.

Follow the on screen instructions. This should install the necessary library files for the next step.

Second - go to and download, http://packages.ubuntu.com/dapper/i386/libdb3-util/download

go to the directory where the new file is residing and run sudo dpkg -i libdb3-util_3.2.9-23_i386.deb

Follow the on screen instructions. If everything went okay, you now have db3_load.

Note: Other machine types/versions exist that may suit your needs at http://packages.ubuntu.com/search?keywords=libdb3

The above link will provide you a more detailed list and selection of which package types to install.

robbyburmeister
April 28th, 2009, 04:57 PM
Working with Ubuntu and vsftpd for the first time. Found it easy to configure with system users but that doesn't sound like a secure method. Our users and clients will share the same username and password to access a common directory. Tried setting up a single virtual user but get access denied errors when connecting. Didn't setup TLS/SSL/FTPS because I had problems getting it to work with IE and Windows Explorer. Looking for a secure and easy way to setup users. Please let me know what other information would be useful. Have a deadline of May 1st.

Victormd
April 29th, 2009, 08:25 PM
I've been trying to get vsftpd to work and this is what I've run into... I can access the folder I've setup using FileZilla but when I try to download a file, this is the error I get:
Status: Starting download of /myfile
Command: TYPE I
Response: 200 Switching to Binary mode.
Command: PASV
Response: 227 Entering Passive Mode (XX,XXX,XXX,XX,XXX,XX - this is my server IP address)
Command: RETR myfile
Response: 550 Failed to open file.
Error: Critical error
I used chown to assure the download folder is owned by the user but still no luck. Any suggestions?

robbyburmeister
April 30th, 2009, 09:17 AM
I was able to get vsftp working. The following document helped in addition to this thread.
http://linuxforfun.net/2008/04/05/vsftpd-virtual-users/

Victormd
April 30th, 2009, 10:18 AM
Thanks! I'll try that later today...

ktritty
May 6th, 2009, 11:09 PM
I am still very new. I am trying to set up Ubuntu 9.04 server. I'm stuck at step 1. I do sudo apt-get install vsftpd and it gives error message "Couldn't find package vsftpd". Perhaps there is already another ftp package? Perhaps already installed? All I am trying to do is make it possible for me to get a file from my MacBook onto my server using ftp. I am clueless how to get files to and from my server as of yet. I am committed to learning terminal-only administration! I am also up for help setting up samba. I have bought a few Ubuntu books but it is slow to digest.

***
Appended:

Was able to use scp command to do local transfers to/from my MacBook. Still want to setup ftp though.

Local transfer syntax:
ktritty@macbook$ scp /path/filename serveruser@ip.address.of.server:/outputpath/filename

This works great; must have ssh services active and proper ssh port open

jmeggers
May 8th, 2009, 03:12 PM
I'm having the same problem. I checked resolv.conf and I can ping by name, so DNS resolution isn't the issue. Any suggestions? I'm relatively new to this, trying to set up server for the first time.

Thanks,
John

LiQuidAiR
May 10th, 2009, 09:59 PM
Most of the serious issues will be because there is something wrong with the vsftpd.conf file and firewall tunneling. Tunneling simply means telling the router to let certain ports cross thru or bypass the firewall. Heck, most routers are even firewalls, they simply hide private addresses from public, but that's a different story.

ktritty, how did you install Ubuntu Server? Is it actually on a physical hard drive with dedicated components like motherboard and network card, or is it running with VMWare software?

jmeggers, please post your config file and tell me what type of network setup you have. DNS shouldn't be the problem. If you have an IP address to your system you should be able to use that.

I personally ran into several differences in each how-to or tutorial I read. In fact, I haven't found one that actually worked the way they said it should. This one included. I figured mine out by using the trial and error method. Sucks :)

kooldino
July 22nd, 2009, 10:50 AM
Is there a way to set it up so that you can use the same username as an account on the machine with a different password?

babola
October 30th, 2009, 05:24 PM
Very nice tutorial, thanks!

However... I want to give real users the ability to log in via ftp AND create some virtual users at the same time. The additional lines in the /etc/pam.d/vsftpd config file...

auth required /lib/security/pam_userdb.so db=/etc/vsftpd_login
account required /lib/security/pam_userdb.so db=/etc/vsftpd_login

...causes access for normal users (those with entries in /etc/passwd) to no longer work. So how can I do both?

Thanks,
B.

roundhay
November 16th, 2009, 08:04 PM
I have tried following this tutorial on 9.10 but I can't get access to the ftp-files folder I created or access using ftp localhost.

I have posted the terminal session from the install and configuration and my /etc/vsftp.conf file, I would be grateful if someone could look at these and let me know what i have done wrong?

Terminal session info:

home@server:~$ sudo apt-get install vsftpd
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed
vsftpd
0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded.
Need to get 0B/144kB of archives.
After this operation, 475kB of additional disk space will be used.
Preconfiguring packages ...
Selecting previously deselected package vsftpd.
(Reading database ... 64489 files and directories currently installed.)
Unpacking vsftpd (from .../vsftpd_2.2.0-1ubuntu1_amd64.deb) ...
Processing triggers for man-db ...
Setting up vsftpd (2.2.0-1ubuntu1) ...
update-rc.d: warning: vsftpd stop runlevel arguments (0 1 6) do not match LSB Default-Stop values (1)
* Starting FTP server: vsftpd [ OK ]

home@server:~$ sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.original
home@server:~$ sudo nano /etc/vsftpd.conf
home@server:~$ sudo /etc/init.d/vsftpd restart
* Stopping FTP server: vsftpd [ OK ]
* Starting FTP server: vsftpd [ OK ]
home@server:~$ sudo useradd -d /home/ftp-files ftp-users
home@server:~$ sudo mkdir /home/ftp-files
home@server:~$ sudo chown ftp-users /home/ftp-files
home@server:~$ sudo mkdir /etc/vsftpd
home@server:~$ sudo mkdir /etc/vsftpd/vusers
home@server:~$ sudo nano /etc/vsftpd.conf
home@server:~$ sudo nano /etc/pam.d/ftp
home@server:~$ sudo nano logins.txt
home@server:~$ sudo apt-get install db4.2-util
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following extra packages will be installed:
libdb4.2
The following NEW packages will be installed
db4.2-util libdb4.2
0 upgraded, 2 newly installed, 0 to remove and 0 not upgraded.
Need to get 486kB of archives.
After this operation, 1,266kB of additional disk space will be used.
Do you want to continue [Y/n]? y
Get: 1 http://gb.archive.ubuntu.com karmic/main libdb4.2 4.2.52+dfsg-5 [416kB]
Get: 2 http://gb.archive.ubuntu.com karmic/universe db4.2-util 4.2.52+dfsg-5 [70.7kB]
Fetched 486kB in 0s (607kB/s)
Selecting previously deselected package libdb4.2.
(Reading database ... 64542 files and directories currently installed.)
Unpacking libdb4.2 (from .../libdb4.2_4.2.52+dfsg-5_amd64.deb) ...
Selecting previously deselected package db4.2-util.
Unpacking db4.2-util (from .../db4.2-util_4.2.52+dfsg-5_amd64.deb) ...
Setting up libdb4.2 (4.2.52+dfsg-5) ...
Setting up db4.2-util (4.2.52+dfsg-5) ...
home@server:~$ sudo db4.2_load -T -t hash -f logins.txt /etc/vsftpd/vsftpd_login.db
home@server:~$ sudo chmod 600 /etc/vsftpd/vsftpd_login.db
home@server:~$ sudo chmod 600 logins.txt
home@server:~$ sudo nano /etc/vsftpd/ftp-users
home@server:~$ sudo ln -s /etc/vsftpd/workers /etc/vsftpd/vusers/user1
home@server:~$ sudo ln -s /etc/vsftpd/workers /etc/vsftpd/vusers/user2
home@server:~$ sudo ln -s /etc/vsftpd/workers /etc/vsftpd/vusers/user3
home@server:~$ sudo ln -s /etc/vsftpd/workers /etc/vsftpd/vusers/user4
home@server:~$ sudo ln -s /etc/vsftpd/workers /etc/vsftpd/vusers/user5
home@server:~$ sudo ln -s /etc/vsftpd/workers /etc/vsftpd/vusers/user6
home@server:~$ sudo ln -s /etc/vsftpd/workers /etc/vsftpd/vusers/user7
home@server:~$ sudo /etc/init.d/vsftpd restart
* Stopping FTP server: vsftpd No /usr/sbin/vsftpd found running; none killed.
[ OK ]
* Starting FTP server: vsftpd [ OK ]
home@server:~$ ftp localhost
ftp: connect to address 127.0.0.1: Connection refused
Trying 127.0.0.1...
ftp: connect: Connection refused
ftp>


/etc/vsftp.conf file

listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
#local_umask=022
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
#dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
#chown_uploads=YES
#chown_username=whoever
#xferlog_file=/var/log/vsftpd.log
#xferlog_std_format=YES
#idle_session_timeout=600
#data_connection_timeout=120
#nopriv_user=ftpsecure
#ftpd_banner=Welcome to blah FTP service.
#deny_email_enable=YES
#banned_email_file=/etc/vsftpd.banned_emails
# chroot_list_enable below.
# chroot_local_user=YES
chroot_local_user=YES
chroot_list_enable=NO
#chroot_list_file=/etc/vsftpd.chroot_list
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=YES
ssl_sslv3=YES
# Filezilla uses port 21 if you don't set any port
# in Servertype "FTPES - FTP over explicit TLS/SSL"
# Port 990 is the default used for FTPS protocol.
# Uncomment it if you want/have to use port 990.
#listen_port=990
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=ftp
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
max_clients=2
hide_ids=YES
guest_enable=YES
guest_username=ftp
user_config_dir=/etc/vsftpd/vusers

benkoburger
November 19th, 2009, 08:44 AM
I have tried following this tutorial on 9.10 but I can't get access to the ftp-files folder I created or access using ftp localhost.



I've got the same problem here... Any suggestions?

B

DVDPSR
December 26th, 2009, 11:44 AM
Hi guys. I am getting the same problem when I upgraded from 9.04. The server seemed to be running fine before now I don't have access to the ftp folder.:confused:

LiQuidAiR
December 26th, 2009, 09:46 PM
Hi guys. I am getting the same problem when I upgraded from 9.04. The server seemed to be running fine before now I don't have access to the ftp folder.:confused:

What type of error msgs are you receiving? What ftp client are you using to connect to vsftpd?

Did you check your log files for errors? If so, what do they say about the connection attempt?

LiQuidAiR
December 26th, 2009, 10:06 PM
I have tried following this tutorial on 9.10 but I can't get access to the ftp-files folder I created or access using ftp localhost.

I have posted the terminal session from the install and configuration and my /etc/vsftp.conf file, I would be grateful if someone could look at these and let me know what i have done wrong?


I see one item of concern. Maybe two...

1. You have SSL enabled. If you have this type of connection then you have to supply that to using your ftp program. Doing a simple ftp o 127.0.0.1 to your server is a standard connection protocol (without ssl).

I would make sure the server can accept connections before turning on SSL.

2. It looks like, once you disable ssl, you will make the connection, but then you won't be able to modify or upload items to the ftp server directory. I believe this will occur because you are using the guest login type within your .conf file. The folders where each user has their items stored must be chown VSFTPD USER (replace VSFTPD USER with actual guest user, ftp in this case).


There is an easier way to assign new users without having to create them in vsftpd virtual user space. I can help you with that once we figure the first two things out.

tmade
January 26th, 2010, 07:13 AM
Hello,

I've been searching for quite a while for a solution for my vsftp-server.

I'm looking for a way to enable write access just for _one_ particular shared ftp folder, but afterwards the user is not allowed to delete his uploaded file.
So the requirements are:
1. permission to upload
2. no permission to delete uploaded files.

It looks like there are some vsftp-cracks around here with a solution!?

Edit: Also a common linux solution could help to solve my problem!

Thanks
Tom