This is a guide for setting up VSFTPD on FreeBSD.

Setting up the Environment¶

• Start by making sure everything is up to date:
  

  pkg update && pkg upgrade
  portsnap fetch extract
  

• Install portmaster:
  

  cd /usr/ports/ports-mgmt/portmaster
  make install clean
  pkg2ng
  

• Install py-htpasswd:
  

  portmaster security/py-htpasswd
  

Install VSFTPD¶

• Install VSFTPD:
  

  portmaster ftp/vsftpd
  

• In order to be able to authenticate FTP users properly, install the security/pam_pwdfile port:
  

  portmaster security/pam_pwdfile
  

Configuration of vsftpd¶

First we will configure vsftpd, so it is able to authenticate our FTP users - the information about the FTP users will be stored in the /usr/local/etc/vsftpd_login.db file, which we will later populate with some user accounts.

• Now create the /etc/pam.d/vsftpd file,
  

  vi /etc/pam.d/vsftpd
  

  • And add/modify the following lines:
    

    auth required /usr/local/lib/pam_pwdfile.so pwdfile /usr/local/etc/vsftpd_login.db
    account required /usr/lib/pam_permit.so
    

• Create the virtual user for our vsftpd setup:
  

  adduser -v
  

  • Example output:
    

    Username: virtual
    Full name: Virtual FTP user
    Uid (Leave empty for default):
    Login group [virtual]:
    Login group is virtual. Invite virtual into other groups? []:
    Login class [default]:
    Shell (sh csh tcsh bash rbash nologin) [sh]: nologin
    Home directory [/home/virtual]:
    Use password-based authentication? [yes]:
    Use an empty password? (yes/no) [no]:
    Use a random password? (yes/no) [no]:
    Enter password:
    Enter password again:
    Lock out the account after creation? [no]:
    Username   : virtual
    Password   : *****
    Full Name  : Virtual FTP user
    Uid        : 1007
    Class      :
    Groups     : virtual
    Home       : /home/virtual
    Shell      : /usr/sbin/nologin
    Locked     : no
    OK? (yes/no): yes
    adduser: INFO: Successfully added (virtual) to the user database.
    Add another user? (yes/no): no
    Goodbye!
    

• Now edit the configuration file vsftpd:
  

  /usr/local/etc/vsftpd.conf
  

  • Add or modify the following parameters. Below is just a sample configuration file that I've used for my private FTP server. Please refer to the manual pages of vsftpd(8) and vsftpd.conf(5) for more information about the configuration options that you might want to include.
    

    anonymous_enable=NO
    anon_upload_enable=YES
    anon_mkdir_write_enable=YES
    anon_other_write_enable=YES
    anon_world_readable_only=NO
    
    listen=YES
    background=YES
    
    max_clients=200 # change these to whatever you wish
    max_per_ip=5
    
    write_enable=YES
    local_enable=YES
    pam_service_name=vsftpd
    
    xferlog_enable=YES
    local_root=/home/virtual
    
    chroot_local_user=YES
    allow_writeable_chroot=YES
    secure_chroot_dir=/usr/local/share/vsftpd/empty/
    dirmessage_enable=YES
    virtual_use_local_privs=YES
    
    pasv_enable=YES
    pasv_min_port=50000
    pasv_max_port=50999
    
    guest_enable=YES
    guest_username=virtual
    
    ls_recurse_enable=YES
    ascii_download_enable=NO
    ascii_upload_enable=NO
    

Adding Users¶

In order to create a user for our vsftp setup we will use the htpasswd tool, and we will keep the user details in the /usr/local/etc/vsftpd_login.db file.

• Create the password database and create a user:
  

  htpasswd.py -c -b /usr/local/etc/vsftpd_login.db bob SuperSecretPassword
  

• Secure the password file:
  

  chmod 0600 /usr/local/etc/vsftpd_login.db
  

• In order to add new users, after you've created the password database:
  

  htpasswd.py -b /usr/local/etc/vsftpd_login.db alice SecretPassword
  

• Start and enable vsftpd at boot:
  

  echo 'vsftpd_enable="YES"' >> /etc/rc.conf
  service vsftpd start
  

Resources¶

• http://unix-heaven.org/node/9