# vsftpd help

## Mighty3k

Hi!

I think I managed to install vsFTPd and configure it the way I want. But it's not working.

When I start vsFTPd it's not complaining about any errors in the config, it just starts.

But I can't connect from any other computer, not even from one in my local network.

No route to host the error is.. What's the problem?

----------

## ikaro

"no route to host" means exactly that.. there is no route to the host.

Either the IP of the server is down or the address impossible.

try to post a bit of your configuration, and how the machines are networked.

----------

## Mighty3k

I got it to work..

However, how do you specify users and their respective home directory?

----------


## Corax

If you allow only a few users to connect to your server, you could create them directly on your system, collect them in a login group, say ftp_users, and lock all other directories (/bin and /etc have to be executable for them!) for that group using Access Control Lists. If you intend to administer a lot of users on your server, you won't be able to avoid handling with mysql and cyrus-asl and so on. There are a lot of posts that cope with this topic.

----------

## Corax

PS: remember to set 

```
CHROOT_LOCAL = YES
```

 in your vsftpd.conf

----------

## Mighty3k

I don't know how to do that  :Razz: 

This is my first time on linux, I just need to set up an ftp server with 3 users, 1 guest, 1 semi-admin who can upload files and create dir's and 1 user who can do "everything".  :Very Happy: 

----------

## Rad

Maybe vsftpd is a bit hard then, unless you find a detailed howto. I suggest you try pure-ftpd (and pureadmin, if you want a GUI), they're ... a bit less intertwined with linux standard stuff like PAM and so on.

----------

## Corax

To ensure a good start: read the manpage for vsftpd.conf. All settings are explained there. Then, create the users you wish to be able to connect to that server. Assign them to an arbitrary group (either when creating them with useradd or later by usermod). This CHROOT_LOCAL option ensures, that ordinary users aren't allowed to leave their home directories via ftp. Locking all other directories is not mandatory, but is for security reasons, just for the case... (In my case it was necessary, because I had symlinks that pointed to directories outside their directory tree. So I had to take care, that they could enter these certain directories, but not the other, essential ones.) vsftpd also offers options and lists that control, which users can do certain things and not. This server is really versatile. If that is too much, look for other servers, that can be configured more easily - proFTP comes to my mind.

----------

## ikaro

pure-ftpd is niiiice:)

and there is a nice GTk2 gui : pureadmin.

ps: get the source from the website, because the package in portage is a bit old.

----------

## wjholden

I use and love VSFTPD.  I don't do passworded FTP (SFTP/SCP rocks), though.  About having a privileged user...what you could do is create those five user accounts like this:

/home/administrator = home for administrative user account (permissions: 700) -- this assumes administrative user account is in a different group.

/home/administrator/semiadmin = home for semi-administrator user account (permissions: 707)

/home/administrator/semiadmin/reguser1 = home for underprivileged user account (permissions: 557 -- read-only for user, semi-admin can read, admin can read/write)

/home/administrator/semiadmin/reguser2 = home for second underprivileged user account (permissions: 557)

/home/administrator/semiadmin/reguser3 = home for third underprivileged user account (permissions: 577 -- this lets semi-admin read/write; you might need that.)

Now lock users into their home directories (CHROOT_LOCAL = YES) and you're golden!

A great tool for adding user accounts is superadduser (emerge superadduser).  If you aren't up to speed on the permissions stuff read up on the chmod manpage.  You can change ownership, if necessary, with the chown command.  Be smart with /etc/vsftpd/ftpusers too, usage of this file depends on what you've got set in the vsftpd.conf.

Hehe I like my way best.  Ten minutes to setup tops.  Thar's some quality engineering thur  :Laughing: 

Edit: The correct syntax is CHROOT_LOCAL_USER = YES, not CHROOT_LOCAL = YES.  Original text left unchanged.

Last edited by wjholden on Wed Mar 23, 2005 1:22 am; edited 1 time in total

----------

## Mighty3k

Maybe it'd be easier to get help if you guys knew exactly what I want.

I need a server to upload movies and stuff on (legal home made  :Razz: ). Me and my friends are doing crazy stuff. And we have a site which we want our visitors to be able to download our work from. The webserver and ftp-server are completely separated. What we need is a server with 1 user who can access all files and download them via the website. And 1 user who can upload files. (Yeah, I know, I changed my mind).

Can someone please describe to me with all commands and things I need to do to get this working? As I said I'm completely new to linux and do not have very much experience. And I can't find any more documentation on vsftpd than the one about the config file and I can't figure out how to do it from just that.

All help is greatly appreciated! Our site has been down for 3 months now and we are eager to get it up!

It doesn't have to be more complicated than that!

And I can add that I don't have any windowmanager so I guess it will be pretty hard to get that pureftp with a GUI.

----------

## ikaro

pure-ftpd can also be managed with a terminal.

```
~ pure-
pure-authd         pure-ftpwho        pure-pw            pure-quotacheck    pure-statsdecode 
pure-ftpd          pure-mrtginfo      pure-pwconvert     pure-sfv           pure-uploadscript
```

 :Wink: 

----------

## wjholden

See if this works for /etc/vsftpd/vsftpd.conf:

```
# /etc/vsftpd/vsftpd.conf - destuxor - 3/20/2005
local_enable=YES
write_enable=YES
anonymous_enable=NO
xferlog_enable=YES
xferlog_file=/var/log/vsftpd/vsftpd.log
idle_session_timeout=600
data_connection_timeout=120
ascii_upload_enable=NO
ascii_download_enable=NO
nopriv_user=ftp
ftpd_banner=Mighty Movies :)
chroot_list_enable=NO
chroot_local_user=YES
background=YES
listen=YES
ls_recurse_enable=NO
```

And enter these commands:

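```
# Shared home directory for both FTP accounts
mkdir /home/movies
# Both accounts get no login shell and primary group ftp
useradd -d /home/movies -s /bin/false -g ftp downloader
useradd -d /home/movies -s /bin/false -g ftp uploader
# uploader owns the tree (rwx); group ftp, i.e. downloader, gets r-x
chown -R uploader:ftp /home/movies
chmod -R 750 /home/movies
# Set the passwords
passwd downloader
passwd uploader
# Start vsftpd at boot
rc-update add vsftpd default
```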

That work?  You'll have to give people the login for the downloader account, but I think this is what you want.  What I've written is thinking along the same lines as what I wrote earlier.  This'll create two user accounts who share a home directory.  I don't know if this works or not -- if it doesn't I'd make one home directory a subdirectory of the other.  Anyrate, one has rwx access to "his" home directory, the other has only r-x.  Should work.  Just make sure you do this after a file's been uploaded: chmod -R 750 /home/movies/ (I'm not sure what the permissions VSFTPD sets are).

Last edited by wjholden on Wed Mar 23, 2005 8:19 am; edited 1 time in total

----------

## Mighty3k

What did I do wrong if I can't login with the downloader/uploader account? ^^

THANK YOU!! very much btw. 

don't know if I did something wrong or if you missed something.

However it feels like some progress is made  :Smile: 

----------

## wjholden

Well, first thing is to make sure that the VSFTPD daemon is started:

```
/etc/init.d/vsftpd status
```

It should say:

```
gentoobox john # /etc/init.d/vsftpd status
 * status:  started
```

If that's good, then let's look into those user accounts.  It may be the case that you cannot use /bin/false for a user's shell.  If that is the case, the most obvious thing is to change it.  There's tons of shells...I know you've got Bash installed so let's do that:

```
usermod -s /bin/bash downloader
usermod -s /bin/bash uploader
```

The only problem with this is that these users can now login on your local system.  But if you're not using SSH then that isn't a problem.  I think you can also deny a user SSH access, but I don't know how.

That work?

----------

## Mighty3k

THANK YOU!!

You are seriously my god!!  :Very Happy: 

It works!

----------

## wjholden

Yayyyayy!  Glad I could help!  Now to reuse what I wrote in a howto on my website...  :Smile: 

----------

## Mighty3k

Just one more question ;P

The server works just fine locally, but not from outside my network.

Port 20-21 are redirected to the server but I still get "Connection refused" messages..

Is vsftpd using other ports or, yeah.. how do I fix it? ^^

----------

## wjholden

In the config file I see these that you could play with.  Do you have a firewall for your network blocking port 21?

```
# Make sure PORT transfer connections originate from port 20 (ftp-data).
#connect_from_port_20=YES

# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#local_umask=022
```

What do you think: http://gentoobox.rh.ncsu.edu/vsftpd-help.html ?

Edit: sorry I never updated the link: http://wjholden.com/vsftpd-help.html

Last edited by wjholden on Sun Apr 08, 2007 7:33 pm; edited 1 time in total

----------

## Mighty3k

As I said port 20-21 are redirected to my server.

And I added the connect_from_port_20=YES to my config. 

It doesn't make any difference.  :Sad: 

----------

## wjholden

I think I made a mistake with this. *destuxor wrote:*   

> echo uploader >> /etc/vsftpd/ftpusers
> 
> echo downloader >> /etc/vsftpd/ftpusers

 Open /etc/vsftpd/ftpusers and remove downloader and uploader from this.  I apologize  :Embarassed:     I got mixed up somehow.  /etc/vsftpd/ftpusers is a file that specifies users that cannot get FTP access.

For security, you may want to add your "real" user account to this list, that way someone couldn't possibly hijack the machine that way.  Having a wheel (or *shudder* sudo) user with FTP access isn't a great idea in terms of security.

----------
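
The two account checks that came up in wjholden's posts above, combined into one audit. This is an added example, not code from the thread: `ftp_audit`, the `wheel` group layout and the sample accounts are constructed, and it assumes that `/etc/vsftpd/ftpusers` is a deny list (as the post says) and that a login is only accepted when the account's shell is listed in `/etc/shells`, which would explain the `/bin/false` failure earlier.

```sh
#!/bin/sh
# Added example (not from the thread): predict which accounts an FTP login
# would accept. Assumptions: /etc/vsftpd/ftpusers is a deny list, as the post
# says, and the login shell must appear in /etc/shells (pam_shells-style check).

ftp_audit() {  # args: passwd-file shells-file ftpusers-file group-file
    awk -F: -v shells="$2" -v deny="$3" -v groups="$4" '
    BEGIN {
        while ((getline line < shells) > 0)
            if (line != "" && line !~ /^#/) ok_shell[line] = 1
        while ((getline line < deny) > 0)
            if (line != "" && line !~ /^#/) denied[line] = 1
        while ((getline line < groups) > 0) {
            split(line, g, ":")
            if (g[1] != "wheel") continue
            wheel_gid = g[3]
            n = split(g[4], m, ",")
            for (i = 1; i <= n; i++) wheel[m[i]] = 1
        }
    }
    NF >= 7 {
        if ($1 in denied)            verdict = "denied-ftpusers"
        else if (!($7 in ok_shell))  verdict = "denied-shell"
        else if ($3 == 0 || ($1 in wheel) || (wheel_gid != "" && $4 == wheel_gid))
            verdict = "allowed-PRIVILEGED"   # candidate for the ftpusers deny list
        else                         verdict = "allowed"
        print $1, verdict
    }' "$1"
}

demo() {  # constructed sample files, so the example runs offline
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:x:0:0::/root:/bin/bash' \
        'john:x:1000:100::/home/john:/bin/bash' \
        'uploader:x:1001:21::/home/movies:/bin/bash' \
        'downloader:x:1002:21::/home/movies:/bin/false' > "$d/passwd"
    printf '%s\n' '# valid login shells' '/bin/sh' '/bin/bash' > "$d/shells"
    printf '%s\n' '# accounts denied FTP' 'root' > "$d/ftpusers"
    printf '%s\n' 'wheel:x:10:root,john' 'ftp:x:21:' > "$d/group"
    ftp_audit "$d/passwd" "$d/shells" "$d/ftpusers" "$d/group"
    rm -rf "$d"
}

demo
```

On a real system the call would be `ftp_audit /etc/passwd /etc/shells /etc/vsftpd/ftpusers /etc/group`; any account reported as `allowed-PRIVILEGED` is one the post suggests adding to the deny list.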

## Mighty3k

Haha, it was my friends computer that was screwed up  :Razz: 

I managed to connect today, but it seems like the user uploader has no permissions at all, can't list directories, download, upload.. anything.. :S

How do I change the permissions?

Btw, I haven't checked what downloader can do..

----------

## wjholden

Does adding this to the config fix it?

```
# Activate directory messages - messages given to remote users when they

# go into a certain directory.

dirmessage_enable=YES
```

You'll have to restart the daemon after this with the command /etc/init.d/vsftpd restart

I think you still need to remove downloader and uploader from /etc/vsftpd/ftpusers

----------

## Mighty3k

actually, when I looked in ftpusers, they were not there^^

I must have missed the part where I was supposed to get it there ;D

but even after adding that to the file it didn't work.. dirmessage stuff..

----------

## wjholden

Ugh.  Now I don't know.  Can you tell me if there's anything in /var/log/vsftpd/vsftpd.log of interest?  Also, perhaps those users can't be members of the ftp group. Just a thought.  Maybe create a new group (say, ftpers) and change those users' group with the usermod -g command?

----------

## Mighty3k

Ok. This is weird. Maybe?

I have access to "do" stuff if I login from my local network. However, if someone from outside logs in they can't even list the directory...

----------

## wjholden

Made any progress?  This sounds like a firewall/router problem not a software configuration issue.

----------

## Mighty3k

Yeah!

It must be..

I get some "500 OOPS" error something when I try to do something from outside my network...

----------

## wjholden

Were you ever able to get this working?

----------

## Mighty3k

No.. :S

I could log in from outside my network, but I didn't have any privs. Which I had if I logged in from my local network.

However my computer totally freaked out and started rebooting shortly after and it still does.. So I haven't had any chance to try anymore..

----------

## wjholden

 *Mighty3k wrote:*   

> No.. :S
> 
> I could log in from outside my network, but I didn't have any privs. Which I had if I logged in from my local network.
> 
> However my computer totally freaked out and started rebooting shortly after and it still does.. So I haven't had any chance to try anymore..

 

Ummm wow.  Is there any error message when it reboots?  If not I'd blame hardware.

Also, is it possible that your ISP has blocked port 21?

----------

## Mighty3k

There is no time to see, it just goes black, instantly. So I guess it's the hardware.

No, I don't think so. I used to run FTP on my mac before without any problems.

----------

## wjholden

Well for the hardware...I guess the first thing would be ensure it is a hardware problem by booting Knoppix, or, better, running memtest.  You might want to open the case and make sure there isn't a bunch of dust on the RAM or something.  I know it sounds stupid, but I've encountered problems with that before.

----------

## Mighty3k

Everything seems to be ok inside the case.. Nothing visual.. My guess though, is that the CPU is overheated..

It's almost always when doing heavy stuff like merging apps it reboots.. But it's kinda weird though, that it started rebooting like hell for a while.. then I could merge some apps.. after a few days it started rebooting again.. and some apps could easily be merged, and some would come half way.. ^^

----------

## Mighty3k

I've gotten another computer up'n running now.

Installed gentoo from stage 3 and installed vsftpd, followed your instructions.

However when I try to start vsftpd I get the error "Unrecognized variable local_enable" - I've triple checked that I've written everything correctly.. what could be wrong then? ^^

----------

## wjholden

Maybe local_enable=YES has been deprecated or something...see man vsftpd.conf

----------

## Mighty3k

I just rewrote the file and it worked, weird..

However I think it works now!  :Very Happy: 

Thank you for all your help!!!

----------

## CosminG

 *destuxor wrote:*   

> See if this works for /etc/vsftpd/vsftpd.conf:
> 
> ```
> # /etc/vsftpd/vsftpd.conf - destuxor - 3/20/2005
> 
> ...
> ```

 

Thanks man that helped me too  :Wink: 

----------

## wjholden

Wow I never updated the link: http://wjholden.com/vsftpd-help.html

----------

