Support #587
Updated by Daniel Curtis about 9 years ago
This is a guide for setting up VSFTPD on FreeBSD. h1. Setting up the Environment * Start by making sure everything is up to date: <pre> pkg update && pkg upgrade portsnap fetch extract </pre> * Install portmaster: <pre> cd /usr/ports/ports-mgmt/portmaster make install clean pkg2ng </pre> * Install py-htpasswd: <pre> portmaster security/py-htpasswd </pre> h1. Install VSFTPD * Install VSFTPD: <pre> portmaster ftp/vsftpd </pre> * In order to be able to authenticate FTP users properly, install the security/pam_pwdfile port: <pre> portmaster security/pam_pwdfile </pre> h2. Configuration of vsftpd First we will configure vsftpd, so it is able to authenticate our FTP users - the information about the FTP users will be stored in the @/usr/local/etc/vsftpd_login.db@ file, which we will later populate with some user accounts. * Now create the @/etc/pam.d/vsftpd@ file, <pre> vi /etc/pam.d/vsftpd </pre> #* And add/modify the following lines: <pre> auth required /usr/local/lib/pam_pwdfile.so pwdfile /usr/local/etc/vsftpd_login.db account required /usr/lib/pam_permit.so </pre> * Create the virtual user for our vsftpd setup: <pre> adduser -v </pre> #* _Example output:_ <pre> Username: virtual Full name: Virtual FTP user Uid (Leave empty for default): Login group [virtual]: Login group is virtual. Invite virtual into other groups? []: Login class [default]: Shell (sh csh tcsh bash rbash nologin) [sh]: nologin Home directory [/home/virtual]: Use password-based authentication? [yes]: Use an empty password? (yes/no) [no]: Use a random password? (yes/no) [no]: Enter password: Enter password again: Lock out the account after creation? [no]: Username : virtual Password : ***** Full Name : Virtual FTP user Uid : 1007 Class : Groups : virtual Home : /home/virtual Shell : /usr/sbin/nologin Locked : no OK? (yes/no): yes adduser: INFO: Successfully added (virtual) to the user database. Add another user? (yes/no): no Goodbye! </pre> * Now edit the configure vsftpd, which keeps it's configuration file vsftpd: <pre> /usr/local/etc/vsftpd.conf </pre> #* Add or modify data in the following parameters. @/usr/local/etc/vsftpd.conf@ file. * *NOTE*: Below is just a sample configuration file that I've used for my private FTP server. Please refer to the manual pages of vsftpd(8) and vsftpd.conf(5) for more information about the configuration options that you might want to include. <pre> anonymous_enable=NO anon_upload_enable=YES anon_mkdir_write_enable=YES anon_other_write_enable=YES anon_world_readable_only=NO listen=YES background=YES max_clients=200 # change these to whatever you wish max_per_ip=5 write_enable=YES local_enable=YES pam_service_name=vsftpd xferlog_enable=YES local_root=/home/virtual chroot_local_user=YES allow_writeable_chroot=YES secure_chroot_dir=/usr/local/share/vsftpd/empty/ dirmessage_enable=YES virtual_use_local_privs=YES pasv_enable=YES pasv_min_port=50000 pasv_max_port=50999 guest_enable=YES guest_username=virtual ls_recurse_enable=YES ascii_download_enable=NO ascii_upload_enable=NO </pre> h2. Adding Users In order to create a user for our vsftp setup we will use the htpasswd tool, and we will keep the user details in the @/usr/local/etc/vsftpd_login.db@ file. * Create the password database and create a user: <pre> htpasswd.py -c -b /usr/local/etc/vsftpd_login.db bob SuperSecretPassword </pre> * Secure the password file: <pre> chmod 0600 /usr/local/etc/vsftpd_login.db </pre> * In order to add new users, after you've created the password database: <pre> htpasswd.py -b /usr/local/etc/vsftpd_login.db alice SecretPassword </pre> * Start and enable vsftpd at boot: <pre> echo 'vsftpd_enable="YES"' >> /etc/rc.conf service vsftpd start </pre> h1. Resources * http://unix-heaven.org/node/9