Setting up Virtual user with VSFTPD with Different Permissions

If you want to set up virtual users with VSFTPD and also share the same directory across multiple users, the simple steps below achieve this:

  • Install the VSFTPD server:
yum install vsftpd
  • Open the /etc/vsftpd/vsftpd.conf file and add the contents below:
anonymous_enable=NO
local_enable=YES
chroot_local_user=YES
user_config_dir=/etc/vsftpd/vsftpd-virtual-user/
virtual_use_local_privs=YES
dual_log_enable=YES
connect_from_port_20=YES
listen=YES
pam_service_name=vsftpd
local_root=/home/share-drive
tcp_wrappers=YES
pasv_enable=YES
pasv_max_port=55000
pasv_min_port=50000
pasv_address=10.10.10.14
local_umask=0002

Save and quit.

Here pasv_address=10.10.10.14 is set explicitly so that a server behind NAT advertises its public IP, rather than its internal one, in replies to PASV; the data connection then lands on one of the passive ports configured above.

  • Now go to the directory /etc/vsftpd/vsftpd-virtual-user/ and create the file vsftpd_user:
    cd /etc/vsftpd/vsftpd-virtual-user/

    Note: you need to create the directory /etc/vsftpd/vsftpd-virtual-user/ if it doesn't exist.

  • In the vsftpd_user file, add the usernames for which you want to set a per-user configuration:
# cat vsftpd_user
test
test1
  • Now create one file per username, named after the user (here test), holding that user's settings:
# cat test
local_root=/home/share-drive
cmds_allowed=USER,PASS,SYST,FEAT,OPTS,PWD,TYPE,PASV,LIST,STOR,CWD,MKD,SIZE,MDTM,CDUP,RETR,RNFR,RNTO
hide_file={*.xml}
deny_file={*.xml}
file_open_mode=0666
local_umask=0002
write_enable=YES

Here, deny_file blocks the user test from accessing the files and folders that match the pattern, and hide_file uses the same pattern to keep them out of directory listings.

To get the benefit of a shared/common directory, add the users as follows.

First create a group called ftp_users.

Then add the users as:

useradd -d /home/share-drive -s /sbin/nologin username

Once that is done, run usermod -g ftp_users test; this makes ftp_users the primary group of test, so every file and folder the user creates is owned test:ftp_users.

To add a new user, use:
useradd -d /home/share-drive -s /sbin/nologin -g ftp_users test1

Finally, restart the VSFTPD service and you are done.
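As an added example (not part of the original post), the Python below models the settings used above: how a user_config_dir file layers over vsftpd.conf, the mode an upload ends up with under file_open_mode and local_umask, how the {*.xml} pattern of deny_file/hide_file is applied, and which commands the cmds_allowed list leaves out. The sample configuration is the post's own, embedded inline; pattern matching is approximated with fnmatch on a bare file name, which is an assumption about vsftpd's matcher.

```python
import fnmatch
# Constructed sample: the global keys that matter plus the per-user file for "test"
# from this post, embedded inline so the example runs offline.
GLOBAL_CONF = "anonymous_enable=NO\nchroot_local_user=YES\nlocal_umask=0002\n"
USER_CONF = """\
cmds_allowed=USER,PASS,SYST,FEAT,OPTS,PWD,TYPE,PASV,LIST,STOR,CWD,MKD,SIZE,MDTM,CDUP,RETR,RNFR,RNTO
hide_file={*.xml}
deny_file={*.xml}
file_open_mode=0666
local_umask=0002
write_enable=YES
"""

def parse_conf(text):
    """Parse vsftpd's key=value format; blank lines and # comments are skipped."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            key, _, value = line.partition("=")
            conf[key.strip()] = value.strip()
    return conf

def effective_conf(global_text, user_text):
    """A user_config_dir file overrides vsftpd.conf key by key for that user."""
    conf = parse_conf(global_text)
    conf.update(parse_conf(user_text))
    return conf

def effective_file_mode(conf):
    """Upload mode = file_open_mode (default 0666) & ~local_umask (default 077); 0666/0002 gives 0664."""
    mode = int(conf.get("file_open_mode", "0666"), 8)
    umask = int(conf.get("local_umask", "077"), 8)
    return mode & ~umask

def matches_pattern_list(value, name):
    """deny_file/hide_file take one glob or a {a,b,...} list (fnmatch on a bare name is an assumption)."""
    pats = value[1:-1].split(",") if value[:1] == "{" and value[-1:] == "}" else [value]
    return any(fnmatch.fnmatch(name, p.strip()) for p in pats)

def is_denied(conf, name):
    return "deny_file" in conf and matches_pattern_list(conf["deny_file"], name)
def is_hidden(conf, name):
    return "hide_file" in conf and matches_pattern_list(conf["hide_file"], name)

def blocked_commands(conf, risky=("DELE", "RMD", "SITE", "STOU", "APPE")):
    """Risky commands that cmds_allowed does NOT grant; an unset cmds_allowed blocks nothing."""
    if not conf.get("cmds_allowed"):
        return ()
    allowed = {c.strip().upper() for c in conf["cmds_allowed"].split(",")}
    return tuple(c for c in risky if c not in allowed)
```

The 0664 result is what lets everyone in the ftp_users group write to each other's uploads; with vsftpd's default umask of 077 the same upload would be 0600 and the shared directory would not work.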

Below is a list of all FTP commands; save it on the system for reference:

#
# List of FTP commands
#
# ABOR - Abort an active file transfer.
# ACCT - Account information.
# ADAT - Authentication/Security Data (RFC 2228)
# ALLO - Allocate sufficient disk space to receive a file.
# APPE - Append.
# AUTH - Authentication/Security Mechanism (RFC 2228)
# CCC  - Clear Command Channel (RFC 2228)
# CDUP - Change to Parent Directory.
# CONF - Confidentiality Protection Command (RFC 697)
# CWD  - Change working directory.
# DELE - Delete file.
# ENC  - Privacy Protected Channel (RFC 2228)
# EPRT - Specifies an extended address and port to which the server should connect. (RFC 2428)
# EPSV - Enter extended passive mode. (RFC 2428)
# FEAT - Get the feature list implemented by the server. (RFC 2389)
# HELP - Returns usage documentation on a command if specified, else a general help document is returned.
# LANG - Language Negotiation (RFC 2640)
# LIST - Returns information of a file or directory if specified, else information of the current working directory is returned.
# LPRT - Specifies a long address and port to which the server should connect. (RFC 1639)
# LPSV - Enter long passive mode. (RFC 1639)
# MDTM - Return the last-modified time of a specified file. (RFC 3659)
# MIC  - Integrity Protected Command (RFC 2228)
# MKD  - Make directory.
# MLST - Lists the contents of a directory if a directory is named. (RFC 3659)
# MODE - Sets the transfer mode (Stream, Block, or Compressed).
# NLST - Returns a list of file names in a specified directory.
# NOOP - No operation (dummy packet; used mostly on keepalives).
# OPTS - Select options for a feature. (RFC 2389)
# PASS - Authentication password.
# PASV - Enter passive mode.
# PBSZ - Protection Buffer Size (RFC 2228)
# PORT - Specifies an address and port to which the server should connect.
# PWD  - Print working directory. Returns the current directory of the host.
# QUIT - Disconnect.
# REIN - Reinitializes the connection.
# REST - Restart transfer from the specified point.
# RETR - Retrieve (download) a remote file.
# RMD  - Remove a directory.
# RNFR - Rename from.
# RNTO - Rename to.
# SITE - Sends site specific commands to remote server.
# SIZE - Return the size of a file. (RFC 3659)
# SMNT - Mount file structure.
# STAT - Returns the current status.
# STOR - Store (upload) a file.
# STOU - Store file uniquely.
# STRU - Set file transfer structure.
# SYST - Return system type.
# TYPE - Sets the transfer mode (ASCII/Binary).
# USER - Authentication username.