Linux MINT DE :: Virtual FTP Access

Linux MINT DE :: Virtual FTP Access

  1. Install the following apps
    apt-get install vsftpd libpam-pwdfile
  2. Edit /etc/vsftpd.conf
    nano /etc/vsftpd.conf
  3. Then past the following
    Edit to your exact needs the most important bit for virtual users is everything after the virtual user settings comment.

    local_umask=022 local_root=/var/www
    #virutal user settings
  4. Creating User
    You can either use a database or htpasswd,  I found htpasswd faster and easier to use.

    1. Make a directory to store your users
      mkdir /etc/vsftpd
      htpasswd -cd /etc/vsftpd/ftpd.passwd user1

      NB. when adding additional users just omit the -c

      htpasswd -d /etc/vsftpd/ftpd.passwd user2


  5. Set and encrypt password
    I’ve only managed to get it to work using CRYPT which limits to 8 chars to use more than 8 chars use openssl to generate a compatible hash and pipe directly into htpasswd

    htpasswd -c -p -b /etc/vsftpd/ftpd.passwd user1 $(openssl passwd -1 -noverify password)


  6. Change the PAM file
    Once your users are created you can now change your PAM config file

    nano /etc/pam.d/vsftpd
    and remove everything inside this file and replace with the following
    <code>auth required pwdfile /etc/vsftpd/ftpd.passwd</code>

    auth required pwdfile /etc/vsftpd/ftpd.passwd

account required

This will enable login for your virtual users defined in /etc/vsftpd/ftpd.passwd and will disable local users

Next we need to add a user for these virtual users to use. These users will not have access to the shell and will be called vsftpd

useradd --home /home/vsftpd --gid nogroup -m --shell /bin/false vsftpd

the user must match guest_username=vsftpd in the vsftpd conf file

Defining Directory Access

The important line here is the following


this means that when user1 logs in it will look for the following file


this file the same as the vsftpd.conf so you can define a new local_root

going back to the question we want user1 to only have access to var/www/website_name1/sub_folder1, so we need to create the vsftpd_user_conf folder:

mkdir /etc/vsftpd_user_conf

Now create the user file:

nano /etc/vsftpd_user_conf/user1

and enter the following line


Now restart vsftp

service vsftpd restart

you should now be able to login as user1 who will only be able to see var/www/website_name1/sub_folder1 and any folder and file inside it.

That’s it you can now add as many users as you want and limit their access to whatever folder you wish.

important to remember if you do not create a user conf file it will default to the var/www folder as root (in the example above)

If the subfolder is intended to be modifiable by the user, it might be necesary to change the owner of the shared subfolder:

chown vsftpd:nogroup /var/www/website_name1/sub_folder1