Support #587
Updated by Daniel Curtis over 9 years ago
This is a guide for setting up VSFTPD on FreeBSD.
h1. Setting up the Environment
* Start by making sure everything is up to date:
<pre>
pkg update && pkg upgrade
portsnap fetch extract
</pre>
* Install portmaster:
<pre>
cd /usr/ports/ports-mgmt/portmaster
make install clean
pkg2ng
</pre>
* Install py-htpasswd:
<pre>
portmaster security/py-htpasswd
</pre>
h1. Install VSFTPD
* Install VSFTPD:
<pre>
portmaster ftp/vsftpd
</pre>
* In order to be able to authenticate FTP users properly, install the security/pam_pwdfile port:
<pre>
portmaster security/pam_pwdfile
</pre>
h2. Configuration of vsftpd
First, configure vsftpd so that it can authenticate our FTP users. The information about the FTP users will be stored in the @/usr/local/etc/vsftpd_login.db@ file, which we will later populate with some user accounts.
* Now create the @/etc/pam.d/vsftpd@ file:
<pre>
vi /etc/pam.d/vsftpd
</pre>
#* And add/modify the following lines:
<pre>
auth required /usr/local/lib/pam_pwdfile.so pwdfile /usr/local/etc/vsftpd_login.db
account required /usr/lib/pam_permit.so
</pre>
* Create the virtual user for our vsftpd setup:
<pre>
adduser -v
</pre>
#* _Example output:_
<pre>
Username: virtual
Full name: Virtual FTP user
Uid (Leave empty for default):
Login group [virtual]:
Login group is virtual. Invite virtual into other groups? []:
Login class [default]:
Shell (sh csh tcsh bash rbash nologin) [sh]: nologin
Home directory [/home/virtual]:
Use password-based authentication? [yes]:
Use an empty password? (yes/no) [no]:
Use a random password? (yes/no) [no]:
Enter password:
Enter password again:
Lock out the account after creation? [no]:
Username : virtual
Password : *****
Full Name : Virtual FTP user
Uid : 1007
Class :
Groups : virtual
Home : /home/virtual
Shell : /usr/sbin/nologin
Locked : no
OK? (yes/no): yes
adduser: INFO: Successfully added (virtual) to the user database.
Add another user? (yes/no): no
Goodbye!
</pre>
Now configure vsftpd, which keeps its configuration data in the @/usr/local/etc/vsftpd.conf@ file.
* *NOTE*: Below is just a sample configuration file that I've used for my private FTP server. Please refer to the manual pages of vsftpd(8) and vsftpd.conf(5) for more information about the configuration options that you might want to include.
<pre>
anonymous_enable=NO
anon_upload_enable=YES
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
anon_world_readable_only=NO
listen=YES
background=YES
# change these to whatever you wish
max_clients=200
max_per_ip=5
write_enable=YES
local_enable=YES
pam_service_name=vsftpd
xferlog_enable=YES
local_root=/home/virtual
chroot_local_user=YES
allow_writeable_chroot=YES
secure_chroot_dir=/usr/local/share/vsftpd/empty/
dirmessage_enable=YES
virtual_use_local_privs=YES
pasv_enable=YES
pasv_min_port=50000
pasv_max_port=50999
guest_enable=YES
guest_username=virtual
ls_recurse_enable=YES
ascii_download_enable=NO
ascii_upload_enable=NO
</pre>
h2. Adding Users
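In order to create a user for our vsftpd setup we will use the htpasswd tool, and we will keep the user details in the @/usr/local/etc/vsftpd_login.db@ file. The @-b@ flag takes the password from the command line, so it ends up in the shell history and is visible in the process list while the command runs.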
* Create the password database and create a user:
<pre>
htpasswd.py -c -b /usr/local/etc/vsftpd_login.db bob SuperSecretPassword
</pre>
* Secure the password file:
<pre>
chmod 0600 /usr/local/etc/vsftpd_login.db
</pre>
* To add more users after the password database has been created, run the command without @-c@:
<pre>
htpasswd.py -b /usr/local/etc/vsftpd_login.db alice SecretPassword
</pre>
* Start and enable vsftpd at boot:
<pre>
echo 'vsftpd_enable="YES"' >> /etc/rc.conf
service vsftpd start
</pre>
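The following script is an added example, not part of the original guide or of vsftpd. It checks the finished setup for the points this guide relies on: the password file is closed to group and other, every directive is a plain option=value line, and the virtual-user options are set as in the sample configuration. The function names and the script name @check.sh@ are assumptions.

```shell
#!/bin/sh
# Added example: post-install checks for the vsftpd virtual-user setup above.
# Function names are hypothetical; nothing here ships with vsftpd.

# perms_ok FILE: succeed only if FILE grants no access to group or other.
perms_ok() {
    bits=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$bits" = "------" ]
}

# conf_lint FILE: report directives that are not plain option=value lines.
# vsftpd.conf(5) defines only whole-line comments and no spaces around "=".
conf_lint() {
    awk '
        /^[ \t]*$/ || /^#/   { next }
        !/^[a-z0-9_]+=/      { print "line " NR ": not in option=value form"; bad = 1; next }
        /^[a-z0-9_]+=[ \t]/  { print "line " NR ": space after ="; bad = 1 }
        /[ \t]#/             { print "line " NR ": trailing comment is read as part of the value"; bad = 1 }
        END { exit bad }
    ' "$1"
}

# conf_get FILE OPTION: print the value of OPTION (last occurrence).
conf_get() {
    awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# audit CONF PWDB: run every check; non-zero exit status if any fails.
audit() {
    rc=0
    perms_ok "$2" || { echo "FAIL: $2 is accessible to group or other (guide sets 0600)"; rc=1; }
    conf_lint "$1" || rc=1
    for want in anonymous_enable=NO guest_enable=YES chroot_local_user=YES pam_service_name=vsftpd; do
        [ "$(conf_get "$1" "${want%%=*}")" = "${want#*=}" ] || { echo "FAIL: expected $want"; rc=1; }
    done
    return $rc
}

# Run as: sh check.sh /usr/local/etc/vsftpd.conf /usr/local/etc/vsftpd_login.db
if [ $# -eq 2 ]; then audit "$1" "$2"; fi
```
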
h1. Resources
* http://unix-heaven.org/node/9