Gentoo VSFTPD Howto

Abstract: This is a step-by-step guide to setting up a VSFTPD server on a Gentoo Linux computer. Though written for Gentoo, these instructions apply to other Linux distributions as well.

When someone asked how to configure VSFTPD on Gentoo Linux, I decided to write this howto. They wanted their daemon to have several user accounts with varying permissions: one that could only download and one that could upload. This document should serve as a useful guide to configuring your VSFTPD server. VSFTPD is an awesome FTP daemon that I recommend to everyone. There is a project for a GUI configuration in the works, so please be patient (update: I guess the GUI project was scrapped, it's been four years and I didn't find anything good in a quick Google search - if you find a good one, let me know). VSFTPD is known for performance under massive enterprise-level solutions, easy configuration, stability, and security.

You are free to redistribute the contents of this page in part or in whole as long as you either attribute it to John Holden, or include a link to this site.


Everyone needs to do parts 1 and 7. If you want to configure your server to allow anonymous access, do part 3. For a server that only allows local user accounts (no anonymous), do parts 2 and 4. For a server that permits anyone to download anonymously, but requires a password to upload, do parts 5 and 6.

If you are interested in creating virtual users with PAM see the Gentoo Wiki.

1) Installation

  $ emerge vsftpd

2) Configuration for passworded logins only
Now configure the server by editing /etc/vsftpd/vsftpd.conf. I suggest that you read the documentation (man vsftpd.conf), then use this sample code as a guideline. Still, here's a configuration file that allows local users and disallows anonymous access (that means you must enter a password):

  # /etc/vsftpd/vsftpd.conf - destuxor - 3/20/2005 - local logins only
  local_enable=YES
  write_enable=YES
  anonymous_enable=NO
  xferlog_enable=YES
  xferlog_file=/var/log/vsftpd/vsftpd.log
  idle_session_timeout=600
  data_connection_timeout=120
  ascii_upload_enable=NO
  ascii_download_enable=NO
  nopriv_user=downloader
  dirmessage_enable=YES
  ftpd_banner=Your Banner Goes Here
  chroot_list_enable=NO
  chroot_local_user=YES
  background=YES
  listen=YES
  ls_recurse_enable=NO

3) Configuration for anonymous only
The following configuration file is what I use for an FTP server that only allows anonymous access. Be smart about using anonymous though, as we all know just how bad anonymous write access can be!

  # /etc/vsftpd/vsftpd.conf - destuxor - 3/22/2005 - anonymous only
  anonymous_enable=YES
  local_enable=NO
  write_enable=NO
  anon_upload_enable=NO
  anon_mkdir_write_enable=NO
  dirmessage_enable=YES
  chown_uploads=NO
  xferlog_enable=YES
  idle_session_timeout=600
  data_connection_timeout=120
  ascii_upload_enable=NO
  ascii_download_enable=NO
  ftpd_banner=---==[ John's Gentoo Box ]==---
  chroot_list_enable=NO
  chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
  background=YES
  listen=YES
  ls_recurse_enable=NO

4) Adding user accounts (only do this if you're using authentication)
So now that it's configured it's time to add the appropriate user accounts. We're going to create two user accounts with the same home directory. One user will be able to read and write, the other will only be able to read. Both will require passwords. Open a command prompt and get root:
Note: if a group named 'ftp' does not already exist you should create it using groupadd.

  $ mkdir /home/shared
  $ useradd -d /home/shared -s /bin/bash -g ftp downloader
  $ useradd -d /home/shared -s /bin/bash -g ftp uploader
  $ chown uploader:ftp -R /home/shared
  $ chmod 750 -R /home/shared
  $ passwd downloader
  $ passwd uploader
  $ rc-update add vsftpd default

This has added two users named uploader and downloader. You set the passwords, so don't forget them (or leak them!). These user accounts are given permission to use the shell, so be careful who you share these logins with.
Note: depending on your computer's security configuration, a user that belongs only to the 'ftp' group may or may not be able to log in locally/through SSH.

5) Configuration for anonymous downloading, passworded uploading
Suppose you want to allow people to download anonymously, but require a password to modify those files. This can be done exactly the same way, only it will need a different config file. This is the config file you need:

  # /etc/vsftpd/vsftpd.conf - destuxor - 3/22/2005 - both anon and local logins
  anonymous_enable=YES
  local_enable=YES
  write_enable=YES
  anon_upload_enable=NO
  anon_mkdir_write_enable=NO
  dirmessage_enable=YES
  chown_uploads=NO
  xferlog_enable=YES
  idle_session_timeout=600
  data_connection_timeout=120
  ascii_upload_enable=NO
  ascii_download_enable=NO
  ftpd_banner=Your Banner Goes Here
  chroot_list_enable=NO
  chroot_local_user=YES
  nopriv_user=ftp
  chroot_list_file=/etc/vsftpd/vsftpd.chroot_list
  background=YES
  listen=YES
  ls_recurse_enable=NO
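
The configuration files in parts 2, 3 and 5 differ mainly in anonymous_enable, local_enable and the write options. The shell script below is an added example, not part of the original howto: it reads a vsftpd.conf, reports which of those setups it implements, and lists any option that would let anonymous clients write. The fallback values are the upstream defaults from man vsftpd.conf (an assumption; your distribution may change them), and the function names and sample files are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original howto): audit a vsftpd.conf.
# Fallbacks are assumed upstream defaults; check man vsftpd.conf locally.

# conf_get FILE KEY DEFAULT: print the last value assigned to KEY.
# Matching is strict (KEY=value, no spaces), as the file format requires.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# is_on FILE KEY DEFAULT: succeed when the boolean option is enabled.
is_on() {
    case $(conf_get "$1" "$2" "$3" | tr '[:lower:]' '[:upper:]') in
        YES|TRUE|1) return 0 ;;
        *) return 1 ;;
    esac
}

# access_profile FILE: which of the howto's setups the file implements.
access_profile() {
    anon=no; loc=no
    if is_on "$1" anonymous_enable YES; then anon=yes; fi
    if is_on "$1" local_enable NO; then loc=yes; fi
    case "$anon/$loc" in
        yes/yes) echo "anonymous+local" ;;
        yes/no)  echo "anonymous-only" ;;
        no/yes)  echo "local-only" ;;
        *)       echo "no-logins" ;;
    esac
}

# anon_write_findings FILE: one line per option that lets anonymous
# clients change files; prints nothing when anonymous access is read-only.
anon_write_findings() {
    is_on "$1" anonymous_enable YES || return 0
    is_on "$1" write_enable NO || return 0
    for key in anon_upload_enable anon_mkdir_write_enable anon_other_write_enable; do
        if is_on "$1" "$key" NO; then echo "anonymous write via $key"; fi
    done
}

# Constructed samples: the part-5 settings, and a weakened copy of them.
tmp=$(mktemp -d)
printf '%s\n' anonymous_enable=YES local_enable=YES write_enable=YES \
    anon_upload_enable=NO anon_mkdir_write_enable=NO > "$tmp/part5.conf"
sed 's/^anon_upload_enable=NO/anon_upload_enable=YES/' "$tmp/part5.conf" > "$tmp/weak.conf"
for f in "$tmp/part5.conf" "$tmp/weak.conf"; do
    echo "$f: $(access_profile "$f") $(anon_write_findings "$f")"
done
```

Because the assumed default for anonymous_enable is YES, a file that omits the option is reported as allowing anonymous logins, which is why the part 2 configuration sets anonymous_enable=NO explicitly.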

6) Adding upload user account (only if you're doing the anonymous download/authenticated upload)
Instead of adding the user named downloader we will use the 'ftp' account (which should already exist). If this user exists (again, it should, from the VSFTPD installation) then /home/ftp/ should also exist.

  $ useradd -d /home/ftp -s /bin/bash -g ftp uploader
  $ chown uploader:ftp -R /home/ftp
  $ chmod 750 -R /home/ftp
  $ passwd uploader
  $ rc-update add vsftpd default

7) Starting the daemon (all configurations)
So now that you've got the daemon configured and you've also got the user accounts set up, it is time to launch the daemon!

  $ /etc/init.d/vsftpd start

You probably want to set the daemon to start by default, so use this command to make it run on system startup:

  $ rc-update add vsftpd default

If for some reason it doesn't work or people can't connect to it, the first place to look is of course the Gentoo Forums. If that fails you, check the VSFTPD website. If that doesn't answer your questions, hit TLDP and LinuxQuestions. Those failing, you can learn anything from that magical site.


I hope you found this document helpful! Please provide feedback - it'll be quick, I promise!


9/12/2009: I originally wrote this document years ago and have been surprised that each month hundreds of people view it. I sincerely hope that it has been useful to these people. I have not used Gentoo Linux for quite some time (work reasons) so if any of this information is incomplete, incorrect, or outdated do not hesitate to let me know. The kind folks at Gentoo Wiki have created a thorough help document that may be of use if this document does not answer all your questions.

Created 6/8/2005
Minor updates 9/12/2009