Sweet vsftpd setup using virtual users for web developers

Wednesday, September 15th, 2010

What this setup does is create a list of FTP users, not local users on the server system, and jail them to web directories. This means that they can only work in those directories to which they are assigned.

Firstly, install vsftpd:

linux# apt-get install vsftpd

Now install the PAM password file support:

linux# apt-get install libpam-pwdfile

Make sure the directory /etc/vsftpd exists; if it does not, create it:

linux# mkdir /etc/vsftpd

Now, we are going to make a list of users using PAM. The username will need to match the directory name of the web root for each virtual host. E.G. /var/www/ would be ‘’ for the username.

linux# htpasswd -c /etc/vsftpd/passwd

For each user after that, leave off the -c (it creates a new file, overwriting the existing one):

linux# htpasswd /etc/vsftpd/passwd

Next, we need to edit the vsftpd config file:

linux# nano /etc/vsftpd.conf

Edit or add these settings:


Now we need to configure PAM to read the password file:

linux# nano /etc/pam.d/vsftpd

Comment out all existing lines and add these:

# Customized login using htpasswd file
auth required pam_pwdfile.so pwdfile /etc/vsftpd/passwd
account required pam_permit.so

To make a super FTP user with access to all of the websites, we need to make a special config file for them.
First, make the config file directory:

linux# mkdir /var/www/users

Create the super FTP user using htpasswd in /etc/vsftpd, but now we are also going to create a config file for that user (

linux# nano /var/www/users/

Put just this line in the file and save: local_root=/var/www

Now that user has access to all of the websites in /var/www because we jailed it there instead of /var/www/

These config files take precedence over the /etc/vsftpd.conf settings.

Restart vsftpd:

linux# /etc/init.d/vsftpd restart

Note: users will not work until their directory has been created.

—Cleaning up—

Make all websites accessible to Apache:

linux# chown www-data:www-data /var/www -R

Set the setgid bit on /var/www so that new files and directories keep the www-data group even when FTP users create them:

linux# chmod g+s /var/www -R

Fix the ownership of the user config file directory:

linux# chown root:root /var/www/users -R
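
A read-only check of the layout this procedure produces, as an added example that is not part of the original post: it flags a world-readable htpasswd file, per-user config entries that are group/other-writable or not owned by the expected account, and logins whose jail directory is missing. The function name, its arguments and the finding labels are assumptions; the default paths are the ones used above, and a login's jail is assumed to be the web root plus the username unless its config file sets local_root.

```sh
#!/bin/sh
# Added example (not from the original post): audit a vsftpd virtual-user layout.
# Args: $1 htpasswd file, $2 web root, $3 per-user config dir, $4 expected owner
# of the config dir (name or numeric uid). Defaults are the paths used in the post.
# Prints one finding per line; the return status is the number of findings.
audit_vsftpd_virtual_users() {
    passwd_file=${1:-/etc/vsftpd/passwd}
    web_root=${2:-/var/www}
    cfg_dir=${3:-/var/www/users}
    cfg_owner=${4:-root}
    findings=0
    report() { printf '%s\n' "$1"; findings=$((findings + 1)); }

    [ -r "$passwd_file" ] || { echo "UNREADABLE $passwd_file"; return 1; }

    # The htpasswd file holds password hashes; other accounts must not read it.
    if [ -n "$(find "$passwd_file" -prune -perm -004)" ]; then
        report "WORLD-READABLE $passwd_file"
    fi

    # Per-user configs override vsftpd.conf (e.g. local_root), so flag any entry
    # that is group/other-writable or not owned by $cfg_owner.
    # (Paths containing whitespace are not handled by this loop.)
    for path in $(find "$cfg_dir" \( -perm -020 -o -perm -002 -o ! -user "$cfg_owner" \)); do
        report "UNSAFE-CONFIG $path"
    done

    # Each login needs its jail directory: local_root from its own config file
    # if one exists, otherwise <web_root>/<username>.
    while IFS=: read -r user _hash || [ -n "$user" ]; do
        [ -n "$user" ] || continue
        jail="$web_root/$user"
        if [ -f "$cfg_dir/$user" ]; then
            override=$(sed -n 's/^local_root=//p' "$cfg_dir/$user" | tail -n 1)
            [ -z "$override" ] || jail=$override
        fi
        [ -d "$jail" ] || report "MISSING-JAIL $user -> $jail"
    done < "$passwd_file"

    return "$findings"
}
```

Run it as root after the clean-up steps, for example `audit_vsftpd_virtual_users` with no arguments to use the paths from this post; a return status of 0 means none of the three conditions was found.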

Many thanks to the author of this article for getting me most of the way there.