Ideally I'd like something like proftpds ability to do this
DefaultRoot /var/www/whatever/userone/ user1
DefaultRoot /home/directory/whatever/ user2
It's important that this be for virtual users.
Asked
Active
Viewed 1,863 times
2 Answers
2
This can be done very easily with PAM.
If your disto doesn't come with PAM, then you'll need to grab a copy, as vsftpd uses PAM for authentication of virtual users.
There is a debian package for pam_pwdfile already available, alternatively, download and compile it, if your copy of linux doesn't come with it already:
apt-get install libpam-pwdfile
First, create a password file for the first user:
htpasswd -c /etc/vsftpd/passwd user1
And then:
htpasswd /etc/vsftpd/passwd user2
Next you need to edit the vsftpd configuration file /etc/vsftpd.conf
listen=YES
anonymous_enable=NO
local_enable=YES
virtual_use_local_privs=YES
write_enable=YES
connect_from_port_20=YES
secure_chroot_dir=/var/run/vsftpd
pam_service_name=vsftpd
guest_enable=YES
user_sub_token=$USER
local_root=/var/www/sites/$USER
chroot_local_user=YES
hide_ids=YES
Finally you need to configure PAM to use the password file, so edit /etc/pam.d/vsftpd
# Customized login using htpasswd file
auth required pam_pwdfile.so pwdfile /etc/vsftpd/passwd
account required pam_permit.so
Don't forget to restart vsftpd, and that's pretty much it!
Jonathan Rioux
- 1,878
- 6
- 33
- 57
-
Cheers, but I know to setup virtual users and structured chroots. I was wondering if each user could have a complete different chroot, something outside /var/www/sites/ in your example. – Hugh Mann Jan 26 '11 at 08:36
1
Yes, it's possible, see my post here:
vsftpd - local_root=/var/www/sites/$USER doesn't get interpreted?
You need to use the per-user config files in order to specify a unique chroot location for them. In your case the per-user config "local_root" will be varying values outside of /var/www/sites/ as required.
