vsftpd Server
Install and configure a vsftpd server which provides ISP-grade sftp domain-oriented service.
2022-07-28 Raspbian buster
Domain users are mapped to UNIX accounts as follows:
- Domain user: user@domain
- Virtual user on server: user (stored in passwd-like file, follows same rules as UNIX username)
- UNIX user: vftp
- UNIX group: vftp
- Domain directory: /srv/ftp/domain (current dir on login)
- UNIX user home directory: /srv/ftp/domain/user
All domain users in a domain can read/write each other's files.
Domains have no view of other domains.
Installation & base configuration
graham:~ sudo apt update
graham:~ sudo apt install vsftpd libpam-pwdfile
graham:~ sudo systemctl stop vsftpd # stop vsftpd for updating
graham:~ sudo vi /etc/vsftpd.conf
- Change the snakeoil certificates above for publicly signed certificates, from Let's Encrypt for example.
graham:~ sudo mkdir -p /srv/ftp # container for per-domain shares
graham:~ sudo adduser --no-create-home --home /srv/ftp \
--shell /usr/sbin/nologin --gecos 'virtual ftp users' vftp # proxy user for all domain users
graham:~ sudo usermod --expiredate 1 vftp
graham:~ sudo mkdir -p /etc/vsftpd/users # authentication for all domain users
graham:~ sudo touch /etc/vsftpd/passwd
graham:~ sudo vi /etc/pam.d/vsftpd
graham:~ sudo vi /etc/rsyslog.d/vsftpd.conf
graham:~ sudo systemctl restart rsyslog
graham:~ sudo systemctl start vsftpd # start vsftpd again
graham:~ sudo tail /var/log/vsftpd.log
- Verify from the log that vsftpd started and is logging successfully.
Add a domain
Add domain geddy.au.
graham:~ sudo mkdir -p /srv/ftp/geddy.au # container for this domain's shares
graham:~ sudo chown root:root /srv/ftp/geddy.au
graham:~ sudo chmod 755 /srv/ftp/geddy.au
- The domain directory must be owned and writeable only by root.
graham:~ sudo vi /etc/vsftpd/users/@geddy.au # template user config for this domain
- This is the template user configuration for all users in domain geddy.au. Symlink to it for all the domain's users.
Add a virtual user
Add domain user fred.nerk to domain geddy.au.
graham:~ sudo ln -s /etc/vsftpd/users/@geddy.au /etc/vsftpd/users/fred.nerk@geddy.au # apply template user config for this user
graham:~ echo "fred.nerk:$(openssl passwd -1)" | \
sudo tee -a /etc/vsftpd/passwd # add this user's password hash
Password: fred.nerk's password
graham:~ sudo mkdir /srv/ftp/geddy.au/fred.nerk # container of this domain user's share
graham:~ sudo chown vftp:vftp /srv/ftp/geddy.au/fred.nerk
graham:~ sudo chmod 2775 /srv/ftp/geddy.au/fred.nerk
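The layout produced by the domain and virtual-user steps above can be checked with a small audit function. This is an added example, not part of the original page: the function name audit_vuser and the DOMAIN_OWNER/USER_OWNER override variables are assumptions, and it relies on GNU stat and readlink -f as shipped on Raspbian.

```sh
#!/bin/sh
# Added example: audit one virtual user's layout against the steps on this page.
# Usage: audit_vuser FTP_ROOT CONF_DIR USER DOMAIN
#   e.g. audit_vuser /srv/ftp /etc/vsftpd fred.nerk geddy.au
# DOMAIN_OWNER and USER_OWNER are hypothetical overrides (for dry runs in a
# scratch directory); the defaults are the owners the page sets.
audit_vuser() {
    ftp_root=$1; conf_dir=$2; user=$3; domain=$4
    ddir=$ftp_root/$domain          # domain directory
    udir=$ddir/$user                # this user's share
    tmpl=$conf_dir/users/@$domain   # per-domain template config
    link=$conf_dir/users/$user@$domain
    rc=0

    # Domain directory: owned and writable only by root (root:root, mode 755).
    got=$(stat -c '%a %U:%G' "$ddir" 2>/dev/null) || got=missing
    if [ "$got" != "755 ${DOMAIN_OWNER:-root:root}" ]; then
        echo "FAIL $ddir: $got"; rc=1
    fi

    # User share: vftp:vftp, mode 2775 (setgid, group-writable).
    got=$(stat -c '%a %U:%G' "$udir" 2>/dev/null) || got=missing
    if [ "$got" != "2775 ${USER_OWNER:-vftp:vftp}" ]; then
        echo "FAIL $udir: $got"; rc=1
    fi

    # Per-user config must be a symlink resolving to the domain template.
    if [ ! -f "$tmpl" ] || [ ! -L "$link" ] ||
       [ "$(readlink -f "$link")" != "$(readlink -f "$tmpl")" ]; then
        echo "FAIL $link: not a symlink to $tmpl"; rc=1
    fi

    # passwd-like file: exact match on the user field (names contain dots,
    # so no regex) and a non-empty hash field.
    if ! awk -F: -v u="$user" '$1 == u && $2 != "" { ok = 1 }
                               END { exit !ok }' "$conf_dir/passwd" 2>/dev/null
    then
        echo "FAIL $conf_dir/passwd: no entry with a hash for $user"; rc=1
    fi
    return $rc
}
```

The function prints one FAIL line per deviation and returns non-zero if any check fails, so it can be run after each user is added.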