Well, in this article we let us setup vsftpd server with virtual users. ie. the users who don’t have local account in the FTP server itself can login to FTP server.
I assume that you already have installed and configured FTP server. If didn’t, visit to the above mentioned link to setup FTP server.
Install Berkeley Database(db4)
In this method, we use Berkeley database(db4(version4) to store virtual user names with their passwords. First install db4-utils package if it not installed:
# yum install db4-utils db4 -y
Create database file for virtual users
First create a plain text file and enter the virtual user names and their passwords one by one. Then create the db file from the plain text file.
For instance, i create a plain text file called virtual_users.txt in /home directory with username senthil and password centos:
# vi /home/virtual_users.txt
Add username and password one by one.
senthil
centos
Save and exit the file. Run the following command to create database file:
# db_load -T -t hash -f /home/virtual_users.txt /etc/vsftpd/virtual_users.db
Here virtual.db is the actual database file for virtual users.
Create a PAM file
Now create a PAM file to use the database virtual_users.db which we created from the plain text file. Create a file /etc/pam.d/vsftpd_virtual,
# vi /etc/pam.d/vsftpd_virtual
Add the following lines:
#%PAM-1.0
auth required pam_userdb.so db=/etc/vsftpd/virtual_users
account required pam_userdb.so db=/etc/vsftpd/virtual_users
session required pam_loginuid.so
Save and exit the file.
vsftpd configuration
Edit file /etc/vsftpd/vsftpd.conf,
# vi /etc/vsftpd/vsftpd.conf
Make sure that you have added or edited the following lines as shown below:
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=NO
# Uncomment this to allow local users to log in.
local_enable=YES
## Enable virtual users
guest_enable=YES
## Virtual users will use the same permissions as anonymous
virtual_use_local_privs=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
## PAM file name
pam_service_name=vsftpd_virtual
## Home Directory for virtual users
user_sub_token=$USER
local_root=/ftp/virtual/$USER
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
chroot_local_user=YES
## Hide ids from user
hide_ids=YES
Save and exit the file.
Now create home directories for virtual users:
# mkdir -p /ftp/virtual/senthil
# chown -R ftp:ftp /ftp/virtual/senthil/
Start or restart vsftpd service:
# service vsftpd restart
Now try to login to FTP server using virtual user senthil with password centos:
# ftp 192.168.1.101
Connected to 192.168.1.101 (192.168.1.101).
220 Welcome to UNIXMEN FTP service.
Name (192.168.1.101:root): senthil
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp>
Now you will able to login to FTP server with user senthil since i didn’t create any user calledsenthil.
Verify the log files using the following command:
# tail -f /var/log/secure
Sample output:
Dec 24 18:32:04 server vsftpd[3557]: pam_userdb(vsftpd_virtual:auth): user 'senthil' granted access
Login via your browser
Open web browser and navigate to ftp://ip-address/ and enter the virtual username and password.
That’s it. Now you will able to connect to FTP server.