Abstract: This serves as an explicit guide as to how one goes about setting up a VSFTPD server on a Gentoo Linux computer. Though written for Gentoo, these instructions apply to other Linux distributions as well.
When someone asked how you could configure VSFTPD on Gentoo Linux I decided to write this howto. They wanted their daemon to have several user accounts with varying permissions. He wanted to create multiple user accounts, one to download only and one to upload. This document should serve as a useful guide to configuring your VSFTPD server. VSFTPD is an awesome FTP daemon that I recommend to everyone. There is a project for a GUI configuration in the works, please be patient (update: I guess the GUI project was scrapped, it's been four years and I didn't find anything good in a quick Google search - if you find a good one, let me know). VSFTPD is known for performance under massive enterprise-level solutions, easy configuration, stability, and security.
You are free to redistribute the contents of this page in part or in whole as long as you either attribute it to John Holden, or include a link to this site.
Everyone needs to do parts 1 and 7. If you want to configure your server to allow anonymous access, do part 3. For a server that only allows local user accounts (no anonymous), do 2 and 4. For a server that permits anyone to download anonymously, but requires a password to upload, do parts 5 and 6.
If you are interested in creating virtual users with PAM see the Gentoo Wiki.
$ emerge vsftpd
2) Configuration for passworded logins only
Now to configure by editting /etc/vsftpd/vsftpd.conf. I suggest that you read the documentation (man vsftpd.conf), then use this sample code as a guideline. Still, here's a configuration file that allows local users and disallows anonymous access (that means you must enter a password):
# /etc/vsftpd/vsftpd.conf - destuxor - 3/20/2005 - local logins only local_enable=YES write_enable=YES anonymous_enable=NO xferlog_enable=YES xferlog_file=/var/log/vsftpd/vsftpd.log idle_session_timeout=600 data_connection_timeout=120 ascii_upload_enable=NO ascii_download_enable=NO nopriv_user=downloader dirmessage_enable=YES ftpd_banner=Your Banner Goes Here chroot_list_enable=NO chroot_local_user=YES background=YES listen=YES ls_recurse_enable=NO
3) Configuration for anonymous only
The following configuration file is what I use for an FTP server that only allows anonymous access. Be smart about using anonymous though, as well know just how bad anonymous write access can be!
# /etc/vsftpd/vsftpd.conf - destuxor - 3/22/2005 - anonymous only anonymous_enable=YES local_enable=NO write_enable=NO anon_upload_enable=NO anon_mkdir_write_enable=NO dirmessage_enable=YES chown_uploads=NO xferlog_enable=YES idle_session_timeout=600 data_connection_timeout=120 ascii_upload_enable=NO ascii_download_enable=NO ftpd_banner=---==[ John's Gentoo Box ]==--- chroot_list_enable=NO chroot_list_file=/etc/vsftpd/vsftpd.chroot_list background=YES listen=YES ls_recurse_enable=NO
4) Adding user accounts (only do this if you're using authentication)
So now that it's configured it's time to add the appropriate user accounts. We're going to create two user accounts with the same home directory. One user will be able to read and write, the other will only be able to read. Both will require passwords. Open a command prompt and get root:
Note: if a group named 'ftp' does not already exist you should create it using groupadd.
$ mkdir /home/shared $ useradd -d /home/shared -s /bin/bash -g ftp downloader $ useradd -d /home/shared -s /bin/bash -g ftp uploader $ chown uploader:ftp -R /home/shared $ chmod 750 -R /home/shared $ passwd downloader $ passwd uploader $ rc-update add vsftpd default
This has added two users named uploader and downloader. You set the passwords, so don't forget them (or leak them!). These user accounts are given permission to use the shell, so be careful with who you share these logins with.
Note: depending on your computers security configuration, a user that belongs only to the 'ftp' group may or may not be able to login locally/through SSH.
5) Configuration for anonymous downloading, passworded uploading
Suppose you want to allow people to download anonymously, but require a password to modify those files. This can be done exactly the same way, only it will need a different config file. This is the config file you need:
# /etc/vsftpd/vsftpd.conf - destuxor - 3/22/2005 - both anon and local logins anonymous_enable=YES local_enable=YES write_enable=YES anon_upload_enable=NO anon_mkdir_write_enable=NO dirmessage_enable=YES chown_uploads=NO xferlog_enable=YES idle_session_timeout=600 data_connection_timeout=120 ascii_upload_enable=NO ascii_download_enable=NO ftpd_banner=Your Banner Goes Here chroot_list_enable=NO chroot_local_user=YES nopriv_user=ftp chroot_list_file=/etc/vsftpd/vsftpd.chroot_list background=YES listen=YES ls_recurse_enable=NO
6) Adding upload user account (only if you're doing the anonymous download/authenticated upload)
Instead of adding the user named download we will use the 'ftp' account (which should already exist). If this user exists (again, it should, from the VSFTPD installation) then /home/ftp/ should also exist.
$ useradd -d /home/ftp -s /bin/bash -g ftp uploader $ chown uploader:ftp -R /home/ftp $ chmod 750 -R /home/ftp $ passwd uploader $ rc-update add vsftpd default
7) Starting the daemon (all configurations)
So now that you've got the daemon configured and you've also got the user accounts setup, it is time to launch the daemon!
$ /etc/init.d/vsftpd start
You probably want to set the daemon to start by default, so use this command to make it run on system startup:
$ rc-update add vsftpd default
If for some reason it doesn't work or people can't connect to it, the first place is to look is of course the Gentoo Forums. If that fails you, check the VSFTPD website. If that doesn't answer your questions, hit TLDP and LinuxQuestions. Those failing, you can learn anything from that magical site.
I hope you found this document helpful! Please provide feedback - it'll be quick, I promise!
9/12/2009: I originally wrote this document years ago and have been surprised that each month hundreds of people view it. I sincerely hope that it has been useful to these people. I have not used Gentoo Linux for quite some time (work reasons) so if any of this information is incomplete, incorrect, or outdated do not hesitate to let me know. The kind folks at Gentoo Wiki have created a thorough help document that may be of use if this document does not answer all your questions.