Installing vsftpd on Ubuntu 12.10

Posted on Monday, May 27, 2013



This post has been superseded by a new post at http://www.whiteboardcoder.com/2013/06/aws-create-vsftpd-ftp-server.html




I recently was asked to set up an ftp server for a client.  I had some partial old notes on setting up a vsftpd server on Ubuntu 12.10 but they were incomplete and not much help to me.   So I had to make this guide.

My goal is to set up a vsftpd server and use virtual users using PAM authentication.  



A great guide to use is http://www.sigerr.org/linux/setup-vsftpd-custom-multiple-directories-users-accounts-ubuntu-step-by-step [1]. It helped me fill in the gaps in my old notes, along with a few additions to deal with changes since Ubuntu 10.04. I would recommend checking his guide out first before looking at how I did it.



vsftpd for anonymous user download


For a first test I just want to set up a vsftpd server that allows anonymous users to download files.

Install vsftpd


>  sudo apt-get install vsftpd


Make a directory for the anonymous user to download from.



>  sudo mkdir -p /ftp/anon



Set the permissions on the folders



>  sudo chmod 555 /ftp
>  sudo chmod 755 /ftp/anon



Make a file in the folder to download


>  sudo touch /ftp/anon/test.file


Edit the /etc/vsftpd.conf file



>  sudo vi /etc/vsftpd.conf



Remove all the contents of the file and replace them with the following


listen=YES

anonymous_enable=YES
no_anon_password=YES
anon_root=/ftp/anon

local_enable=YES
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
secure_chroot_dir=/var/run/vsftpd/empty

#Set passive mode
pasv_enable=YES
pasv_addr_resolve=YES
pasv_address=192.168.0.11
pasv_min_port=2048
pasv_max_port=2248


In my particular case the server had a local IP address of 192.168.0.11. Make sure to put your own address or DNS name here.

Restart the vsftpd service


>  sudo service vsftpd restart




Test it out


FTP via the command line using passive mode "-p"



>  ftp -p 192.168.0.11




And you are in




Download a file by running this command



ftp>  get test.file





As another test I wanted to make sure this worked in FireFTP, an FTP client that runs in Firefox.




Open FireFTP and select "Create an Account" from the pull down menu



Give it a name, set the host to the IP address or DNS name, then check the Anonymous checkbox and click OK




Click Connect




Success!  You can see the test.file on the server






Select the file then click the download button




That worked just fine.



Setting up virtual users


Now that the anonymous test is done I want to update it to not allow anonymous users and use virtual users via PAM.

Install the PAM pwdfile module and htpasswd (which is part of apache2-utils)


>  sudo apt-get install libpam-pwdfile
>  sudo apt-get install apache2-utils




Edit the /etc/vsftpd.conf file



>  sudo vi /etc/vsftpd.conf




Remove all the contents of the file and replace them with the following


listen=YES

anonymous_enable=NO

local_enable=YES

write_enable=YES
chroot_local_user=YES
local_umask=022
guest_enable=YES
user_sub_token=$USER
local_root=/ftp/$USER
hide_ids=YES
pam_service_name=vsftpd.virtual
virtual_use_local_privs=YES


dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
secure_chroot_dir=/var/run/vsftpd/empty

#Set passive mode
pasv_enable=YES
pasv_addr_resolve=YES
pasv_address=192.168.0.11
pasv_min_port=2048
pasv_max_port=2248



Add the vsftpd user (this user will be the actual 'owner' of all uploaded files)


>  sudo useradd --home /home/vsftpd --gid nogroup -m --shell /bin/false vsftpd






Edit the /etc/pam.d/vsftpd.virtual file


>  sudo vi /etc/pam.d/vsftpd.virtual



Put the following into it


auth required pam_pwdfile.so pwdfile /etc/vsftpd/ftp.passwd
account required pam_permit.so



Add the passwd file


>  sudo mkdir /etc/vsftpd
>  sudo touch /etc/vsftpd/ftp.passwd




Set up the first user


>  sudo htpasswd -cd /etc/vsftpd/ftp.passwd pattest


Set their password


Create a folder for them and set permissions


>  sudo mkdir -p /ftp/pattest/drive
>  sudo chmod -w /ftp/pattest
>  sudo chown vsftpd:nogroup -R /ftp/pattest
>  sudo chmod -R 777 /ftp/pattest/drive






Set up the second user

(this command drops the -c flag, which would recreate the file)


>  sudo htpasswd -d /etc/vsftpd/ftp.passwd test


Set their password


Create a folder for them and set permissions


>  sudo mkdir -p /ftp/test/drive
>  sudo chmod -w /ftp/test
>  sudo chown vsftpd:nogroup -R /ftp/test
>  sudo chmod -R 777 /ftp/test/drive




Restart the vsftpd service


>  sudo service vsftpd restart
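
An added example, not part of the original post: a shell audit of the virtual-user layout built above, with function names and finding labels of my own choosing. It flags password entries stored with the crypt() scheme that "htpasswd -d" writes (crypt() only uses the first 8 characters of a password), checks that each /ftp/$USER login directory exists and carries no write bit, and reports world-writable entries beneath it.

```bash
# Added example (not from the original post): audit the virtual-user layout.
# Defaults are the paths used in this post; function names are illustrative.

# Classify an htpasswd hash field by prefix or length.
hash_scheme() {
  case "$1" in
    '$2y$'*|'$2a$'*|'$2b$'*) echo bcrypt ;;
    '$apr1$'*)               echo apr1-md5 ;;
    '{SHA}'*)                echo sha1-unsalted ;;
    ?????????????)           echo des-crypt ;;  # 13 chars, written by "htpasswd -d"
    *)                       echo unknown ;;
  esac
}

# Print one finding per line; return 1 if anything was found, 2 on bad input.
# Usage: audit_ftp_users [passwd_file] [ftp_root]
audit_ftp_users() {
  local pw root user hash scheme perms issues
  pw="${1:-/etc/vsftpd/ftp.passwd}"; root="${2:-/ftp}"; issues=0
  [ -r "$pw" ] || { echo "cannot read $pw" >&2; return 2; }
  while IFS=: read -r user hash _ || [ -n "$user" ]; do
    [ -n "$user" ] || continue
    scheme=$(hash_scheme "$hash")
    case "$scheme" in
      des-crypt|sha1-unsalted)
        echo "WEAK-HASH $user $scheme"; issues=$((issues + 1)) ;;
    esac
    if [ ! -d "$root/$user" ]; then
      echo "NO-ROOT $user"; issues=$((issues + 1)); continue
    fi
    # The login (chroot) directory must carry no write bit: "chmod -w" in the post.
    perms=$(ls -ld "$root/$user" | cut -c1-10)
    case "$perms" in
      ??w*|?????w*|????????w*)
        echo "WRITABLE-ROOT $user $perms"; issues=$((issues + 1)) ;;
    esac
    # World-writable entries below it (the post's "chmod -R 777" on drive).
    if [ -n "$(find "$root/$user" ! -type l -perm -0002 | head -n 1)" ]; then
      echo "WORLD-WRITABLE $user"; issues=$((issues + 1))
    fi
  done < "$pw"
  [ "$issues" -eq 0 ]
}
```

Run it as `sudo bash -c '. ./audit.sh; audit_ftp_users'` to use the post's default paths, or pass a password file and FTP root as arguments.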









Test it out



FTP via the command line using passive mode "-p"


>  ftp -p 192.168.0.11






Success!  That got me in


Now if I try to upload something I get this error




That is because you cannot write to your root directory (/ftp/pattest, which had its write permission removed with chmod -w above).


Change the directory and upload a file


ftp>  cd drive
ftp>  put upload.file




Now to test it using FireFTP





Click on edit



Set the user name and login to pattest







Doing a few upload and download tests worked just fine.


I tried it with my second user and it worked just fine.
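
References
[1] Julien Bourdeau, "Setup VSFTPD with custom multiple directories and (virtual) users accounts on Ubuntu (no database required)", http://www.sigerr.org/linux/setup-vsftpd-custom-multiple-directories-users-accounts-ubuntu-step-by-step, accessed 05/2013.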



