Support #587
Updated by Daniel Curtis over 9 years ago
This is a guide for setting up VSFTPD on FreeBSD.

h1. Setting up the Environment

* Start by making sure everything is up to date:
<pre>
pkg update && pkg upgrade
portsnap fetch extract
</pre>

* Install portmaster:
<pre>
cd /usr/ports/ports-mgmt/portmaster
make install clean
pkg2ng
</pre>

* Install py-htpasswd:
<pre>
portmaster security/py-htpasswd
</pre>

h1. Install VSFTPD

* Install VSFTPD:
<pre>
portmaster ftp/vsftpd
</pre>

* In order to be able to authenticate FTP users properly, install the security/pam_pwdfile port:
<pre>
portmaster security/pam_pwdfile
</pre>

h2. Configuration of vsftpd

First we will configure vsftpd so that it is able to authenticate our FTP users. The information about the FTP users will be stored in the @/usr/local/etc/vsftpd_login.db@ file, which we will later populate with some user accounts.

* Now create the @/etc/pam.d/vsftpd@ file:
<pre>
vi /etc/pam.d/vsftpd
</pre>
#* And add/modify the following lines:
<pre>
auth required /usr/local/lib/pam_pwdfile.so pwdfile /usr/local/etc/vsftpd_login.db
account required /usr/lib/pam_permit.so
</pre>

* Create the virtual user for our vsftpd setup:
<pre>
adduser -v
</pre>
#* _Example output:_
<pre>
Username: virtual
Full name: Virtual FTP user
Uid (Leave empty for default):
Login group [virtual]:
Login group is virtual. Invite virtual into other groups? []:
Login class [default]:
Shell (sh csh tcsh bash rbash nologin) [sh]: nologin
Home directory [/home/virtual]:
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username : virtual
Password : *****
Full Name : Virtual FTP user
Uid : 1007
Class :
Groups : virtual
Home : /home/virtual
Shell : /usr/sbin/nologin
Locked : no
OK? (yes/no): yes
adduser: INFO: Successfully added (virtual) to the user database.
Add another user? (yes/no): no
Goodbye!
</pre>

Now configure vsftpd, which keeps its configuration data in the @/usr/local/etc/vsftpd.conf@ file.

* *NOTE*: Below is just a sample configuration file that I've used for my private FTP server. Please refer to the manual pages of vsftpd(8) and vsftpd.conf(5) for more information about the configuration options that you might want to include. Comments must be on their own lines starting with @#@; vsftpd.conf(5) does not allow a comment after a value or any space around the @=@.
<pre>
anonymous_enable=NO
# With guest_enable=YES (below), virtual users get the anonymous privileges set here
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_world_readable_only=NO
listen=YES
background=YES
# change this to the IP address vsftpd will be listening on
listen_address=x.x.x.x
# change this to whatever port you wish
listen_port=21
# change these to whatever you wish
max_clients=200
max_per_ip=5
# write_enable=NO blocks every FTP command that changes the filesystem,
# so the anon_* write options above only take effect once this is YES
write_enable=NO
local_enable=YES
pam_service_name=vsftpd
# change these too if you have a firewall running
pasv_min_port=50000
pasv_max_port=50999
xferlog_enable=YES
chroot_local_user=YES
secure_chroot_dir=/usr/local/share/vsftpd/empty/
guest_enable=YES
guest_username=virtual
ls_recurse_enable=NO
ascii_download_enable=NO
ascii_upload_enable=NO
</pre>

h2. Adding Users

In order to create a user for our vsftpd setup we will use the htpasswd tool, and we will keep the user details in the @/usr/local/etc/vsftpd_login.db@ file.

* Create the password database and create a user:
<pre>
htpasswd.py -c -b /usr/local/etc/vsftpd_login.db bob SuperSecretPassword
</pre>
#* With @-b@ the password is passed on the command line, so it is visible in the shell history and in the process list while the command runs.

* Secure the password file:
<pre>
chmod 0600 /usr/local/etc/vsftpd_login.db
</pre>

* In order to add new users, after you've created the password database:
<pre>
htpasswd.py -b /usr/local/etc/vsftpd_login.db alice SecretPassword
</pre>

* Start and enable vsftpd at boot:
<pre>
echo 'vsftpd_enable="YES"' >> /etc/rc.conf
service vsftpd start
</pre>

h1. Resources

* http://unix-heaven.org/node/9
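
A pre-start check for the two files this guide creates, added here as an example and not part of the original guide. The function names @lint_vsftpd_conf@ and @check_pwdfile@ are hypothetical. It flags @vsftpd.conf@ lines that break the vsftpd.conf(5) line format, and verifies that the pam_pwdfile database is owner-only and holds @user:hash@ entries:

```shell
#!/bin/sh
# Added example (not from the original guide); function names are hypothetical.

# lint_vsftpd_conf FILE
# vsftpd.conf(5): every line is a comment starting with "#" or option=value,
# with no space around "=". Prints each offending line; returns 1 if any.
lint_vsftpd_conf() {
    awk '
        /^#/ || /^[ \t]*$/ { next }      # full-line comments and blank lines
        {
            eq  = index($0, "=")
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            if (eq == 0 || key !~ /^[a-z0-9_]+$/) msg = "not in option=value form"
            else if (val ~ /^[ \t]/) msg = "whitespace after the equals sign"
            else if (val ~ /[ \t]#/) msg = "trailing comment is read as part of the value"
            else if (val ~ /[ \t]$/) msg = "trailing whitespace in value"
            else next
            printf "line %d: %s: %s\n", NR, msg, $0
            bad = 1
        }
        END { exit bad + 0 }
    ' "$1"
}

# check_pwdfile FILE
# The pam_pwdfile database must grant nothing to group/other (chmod 0600)
# and contain one user:hash entry per line. Returns 1 on any problem.
check_pwdfile() {
    perms=$(ls -ld "$1" | cut -c5-10)    # group and other permission bits
    if [ "$perms" != "------" ]; then
        echo "$1: accessible to group or other, expected mode 0600"
        return 1
    fi
    awk -F: '
        NF < 2 || $1 == "" || $2 == "" { printf "line %d: malformed entry\n", NR; bad = 1 }
        END { exit bad + 0 }
    ' "$1"
}

# As a script: sh check.sh /usr/local/etc/vsftpd.conf /usr/local/etc/vsftpd_login.db
if [ "$#" -eq 2 ]; then
    lint_vsftpd_conf "$1" && check_pwdfile "$2"
fi
```

Run it before @service vsftpd start@; a non-zero exit status means one of the files needs fixing.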