Last Update: 20230722
Abstract
sudo apt update && sudo apt install vsftpd
File path: /etc/vsftpd.conf
ββββanonymous_enable=NO
ββββlocal_enable=YES
ββββwrite_enable=YES
ββββchroot_local_user=YES
ββββ# By default (chroot_local_user=NO), the vsftpd.chroot_list specifies the users that can be chroot. If set to YES, the list becomes a list of users to NOT chroot.
ββββ
ββββ# Allow upload if needed. (here we create ~/ftp for file management)
ββββuser_sub_token=$USER
ββββlocal_root=/home/$USER/ftp
ββββ## Another solution (user needs writable permission to home directory)
ββββwrite_enable=YES
ββββallow_writeable_chroot=YES
ββββpasv_min_port=30000
ββββpasv_max_port=31000
ββββuserlist_enable=YES
ββββuserlist_file=/etc/vsftpd.user_list
ββββuserlist_deny=NO
If using vsftpd.user_list
while enable anonymous users, the user anonymous
need to be appended into vsftpd.user_list
to allow anonymous login.
The anonymous user will login to default direcotry /srv/ftp
, and the shell access and chroot will be restricted.
ββββsudo adduser <user_name>
ββββecho "<user_name>" | sudo tee -a /etc/vsftpd.user_list
ββββsudo mkdir -p /home/<user_name>/ftp/upload
ββββsudo chmod 550 /home/<user_name>/ftp
ββββsudo chmod 750 /home/<user_name>/ftp/upload
ββββsudo chown -R <user_name>: /home/<user_name>/ftp
ββββsudo usermod -d /home/<user_name>/ftp <user_name>
ββββ# Create message showing file
ββββecho -e '#!/bin/sh\necho "This account is limited to FTP access only."' | sudo tee -a /bin/ftponly
ββββ# Make it executable
ββββsudo chmod a+x /bin/ftponly
ββββecho "/bin/ftponly" | sudo tee -a /etc/shells
ββββsudo usermod <user_name> -s /bin/ftponly