I'm currently setting up a free hosting company. I've got everything configured except the FTP server. I installed vsftpd, and now I could use a little help configuring it. I've read a few vsftpd tuts, but none of them have answered certain questions I have.
I have a control panel installed, so after each user signs up for free hosting, I simply create their subdomain and create their account. Each user will have their own private directory, so that they can work on their files in private. For example, if the user's name is "Bob" his directory would be "/www/htdocs/hosted/bob". He would also need to have the ability to read and write inside his directory.
What should my vsftpd configuration file look like if I wanted it to operate as I explained above?
Also, if possible I'd prefer to have some kind of userlist so that I can have my php script create users so I don't have to. If it's possible to do a userlist type-thing, what would need to be added to the list to add a user?
Something like "user, password;"?
I'm kinda new to FTP servers, so any help is appreciated. I'll even throw a decently-sized hosting plan at anyone that helps me out.
Last edited by Hexadecimal; 08-08-2005 at 09:26 PM.
Yes, a sample vsftpd.conf file would be helpful. (A sample userlist would be nice too.) I don't believe I need anonymous access at this time. I just want to be able to have some kind of userlist so that I can add/delete users, and change their permissions and dirs.
And yes, users should have write access.
Also, I checked out the link to your FTP server in your sig. The music is Grooovy.
Last edited by Hexadecimal; 08-10-2005 at 11:06 PM.
Hi again. I had to go to work. (I'm at lunch at the moment).
OK, here's my vsftpd.conf, it allows the users listed in the user_list file to log in, no anonymous users, and quite tight restrictions on what users can do:
# Allow anonymous FTP?
# Allow local users to log in?
# Allow any form of FTP write command.
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
# Allow the anonymous FTP user to upload files?
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
# Activate logging of uploads/downloads?
# Make sure PORT transfer connections originate from port 20 (ftp-data)?
# Log file in standard ftpd xferlog format?
# User for vsftpd to run as?
# Login banner string:
ftpd_banner=ILikeJam FTP server. Logs are being monitored.
# chroot local users (only allow users to see their directory)?
# PAM service name?
# Enable user_list (see next option)?
# Should the user_list file specify users to deny(=YES) or to allow(=NO)
# Standalone (not run through xinetd) listen mode?
# Log all ftp actions (not just transfers)?
# Show file ownership as ftp:ftp instead of real users?
# Allow ftp users to change permissions of files?
# Use local time?
# List of raw FTP commands which are allowed (some commands may be a security hazard):
Have a look at 'man vsftpd.conf' for a full list and description of all options. There's quite a few.
For a list of raw FTP commands (for the cmds_allowed option) have a look here: http://www.nsftools.com/tips/RawFTP.htm
With this config, uploaded files are not readable or executable by anyone, so the server is acting as a 'dropbox'. Change the file_open_mode option to change that.
As for my user_list file, it contains:
as they are the only two users that are allowed to log in.
My ftpusers file contains (it's not been changed from the default list that was installed with vsftpd):
# Users that are not allowed to login via ftp
The users and passwords are just the Linux users and passwords on the FTP machine, so for someone to access the FTP server when anonymous access is disabled, they must have a normal Linux user account on the FTP machine (just the same as your own account and 'root' etc). The following three commands will add 'bob' to the users on your machine (with the home directory /www/htdocs/hosted/bob), assign bob the password 'bobspassword' and will allow bob to log in through ftp:
useradd -d /www/htdocs/hosted/bob -g anonftpusers -s /sbin/nologin bob
echo bobspassword | passwd --stdin bob
echo bob >> /etc/vsftpd/user_list
'bob' will also be put in the group 'anonftpusers' by those commands, and his login shell will be /sbin/nologin, to prevent him from logging in to your ftp machine as a real user and running programs etc.
Being normal Linux user accounts, you could also use whatever you normally use to change or assign passwords.
P.S. As usual your /etc/vsftpdxxxx files may be in different locations.
That will make files uploaded by your users writable by only themselves (but readable by everyone, which may be required by your webserver, I don't know) and if, through some misconfiguration, an anonymous user manages to upload a file, the file will have no read, write or execute permission. Just to be safe.
You also probably want 'DELE', 'MKD' and 'RMD' in your cmds_allowed=, to let your users delete files, create directories and also delete directories.
It's also worth noting that 'log_ftp_protocol=YES' will log _every_ FTP command issued by any client connecting to your machine. It might be a good idea to have this on to begin with, to watch out for any problems, but if your FTP site is busy, this file will get very large very fast, so you might want to switch this option to 'NO' at some point. (The log file usually goes to /var/log/vsftpd.log).
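
An added example, not part of any post in this thread: the three provisioning commands from the reply above, wrapped in shell functions that a signup script could call, with the username validated before it reaches useradd and the password read from stdin instead of appearing in a command line. The function names, the 32-character name policy and the use of chpasswd in place of 'passwd --stdin' are assumptions; the paths and the group name come from the thread.

```sh
#!/bin/sh
# Added example (not from the thread): provisioning helpers for one hosted
# FTP account. Usage as root:  . ./ftp_provision.sh
#                              provision_ftp_user bob < password-file
LC_ALL=C; export LC_ALL                          # make [a-z] mean ASCII only
HOSTED_ROOT=${HOSTED_ROOT:-/www/htdocs/hosted}   # path from the thread
USER_LIST=${USER_LIST:-/etc/vsftpd/user_list}    # path from the thread
FTP_GROUP=${FTP_GROUP:-anonftpusers}             # group from the thread

# Accept only names that are safe both as a login and as a directory name:
# first character a-z, then a-z 0-9 _ -, at most 32 characters (assumed policy).
# This rejects '', 'Bob', '../etc', 'bob;id' and anything containing a slash.
valid_username() {
    case "$1" in
        ''|[!a-z]*|*[!a-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le 32 ]
}

# True if the name appears as an exact, whole line in the given list file.
listed() { grep -qxF -e "$1" "$2" 2>/dev/null; }

# Append to the allow list once, so a repeated signup adds no duplicate line.
allowlist_add() { listed "$1" "$2" || printf '%s\n' "$1" >> "$2"; }

# Create the account with the same useradd flags as the thread.
# Refuses invalid names and names that already exist on the system, so a
# signup form cannot take over 'root' or another real account.
provision_ftp_user() {
    user=$1
    valid_username "$user" || { echo "rejected name" >&2; return 2; }
    id "$user" >/dev/null 2>&1 && { echo "account exists" >&2; return 3; }
    IFS= read -r password || return 4            # password comes from stdin
    useradd -d "$HOSTED_ROOT/$user" -g "$FTP_GROUP" -s /sbin/nologin "$user" || return 5
    printf '%s:%s\n' "$user" "$password" | chpasswd || return 6
    allowlist_add "$user" "$USER_LIST"
}
```
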