
Rackspace Cloud Essentials 5 - CentOS - Configuring a user in vsftpd


In the last article, CentOS - Installing vsftpd, we walked through setting up a working install of vsftpd. This article is fairly short: we walk through creating a system user and, if necessary, chrooting them (jailing them, that is, isolating them to their home directory).



Add your system user

Yes, it is this simple: creating a new user for FTP access in vsftpd is as easy as creating a new valid Linux system user.

    # useradd test
    # passwd test

Disable SSH access for FTP users

The default user creation script gives a user the /bin/bash shell, which can be a little too powerful. If you don't want your users logging in to your server via SSH, you need to block this access. If you change the shell to a non-login shell such as /bin/false or /sbin/nologin (the command below uses /sbin/nologin), the users will only be able to log in via FTP, or mail if you have that set up. Here is how to modify your users:

    # usermod -s /sbin/nologin test

Chroot a user

Probably the most important part of this article is locking a user down to their own home directory so they can't go around mucking with things they aren't supposed to. The beauty of this is that it is a function built in to vsftpd, and it was partially covered in the Installing vsftpd article. All you have to do is add the username to the file /etc/vsftpd/chroot_list, with each user on their own line.
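
The following check is an added example, not part of the original article or of vsftpd: it audits one account against the steps above (the user exists, has a non-login shell, and is listed in /etc/vsftpd/chroot_list). The function names and the sample passwd and chroot_list contents are constructed for illustration, and it assumes vsftpd is configured, as in the Installing vsftpd article, so that the users named in chroot_list are the ones that get jailed.

```shell
# Audit one FTP account: it must exist, have a non-login shell,
# and appear in vsftpd's chroot list. Prints findings, or "ok".
audit_ftp_user() {
    user=$1
    passwd_file=${2:-/etc/passwd}
    chroot_list=${3:-/etc/vsftpd/chroot_list}

    # passwd fields are colon-separated: field 6 is the home, field 7 the shell.
    entry=$(awk -F: -v u="$user" '$1 == u { print $6 ":" $7 }' "$passwd_file")
    if [ -z "$entry" ]; then
        echo "missing: no passwd entry for $user"
        return 1
    fi
    home=${entry%%:*}
    shell=${entry#*:}
    findings=0

    # Shells treated as non-login here (this list is an assumption of the example).
    case $shell in
        /sbin/nologin|/usr/sbin/nologin|/bin/false) ;;
        *) echo "shell: $user can log in with '${shell:-/bin/sh}'"; findings=1 ;;
    esac

    # One username per line; -x -F matches the whole line literally.
    if ! grep -qxF -e "$user" "$chroot_list" 2>/dev/null; then
        echo "chroot: $user (home $home) is not in $chroot_list"
        findings=1
    fi

    if [ "$findings" -eq 0 ]; then echo "ok"; fi
    return "$findings"
}

# Constructed sample data, so the check runs without touching the real system.
write_samples() {
    mkdir -p "$1"
    printf '%s\n' \
        'test:x:1001:1001::/home/test:/sbin/nologin' \
        'eric:x:1002:1002::/home/eric:/bin/bash' > "$1/passwd"
    printf '%s\n' 'test' > "$1/chroot_list"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for u in test eric; do
    echo "== $u"
    audit_ftp_user "$u" "$demo_dir/passwd" "$demo_dir/chroot_list" || true
done
rm -rf "$demo_dir"
```

Called with only a username, the function reads the real /etc/passwd and /etc/vsftpd/chroot_list; the exit status is non-zero whenever a finding is printed.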

That pretty much covers it for vsftpd, and at this point you should be able to create a new system user, set them up for vsftpd and do some basic tweaks to their access level.  These last two articles dealt with vsftpd in a CentOS Linux system.  Now we will show you how to install vsftpd on a server running Ubuntu.



© 2011-2013 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License



6 Comments

OK, big newbie so following bit by bit

This worked and I could log in and upload a file, but where was the user's home directory set?
I can't work out where the file is in the structure

The ftp server is using the home directory information from the system for that user. Usually that's going to be "/home/username". If it's not there, then check the /etc/passwd file to see where it's set the user's home directory. "grep username /etc/passwd" is the easiest way to see the entry for that user - the fields are separated by colons (":"), and the home directory is the sixth field.

You can add the user and configure both the home folder and group all in the same command:
useradd -d /var/www/html/ -s /bin/false -g groupname username

replace "/var/www/html/" with the path to home folder
replace "groupname" with the user's group
replace "username" with the user name you want to create.

--

If the user already exists use:
usermod -g groupname username

--

Google and the man command are your best friends. :-)

Thanks for sharing this info... makes things simpler.

If a noob like me reads this, it might confuse. Especially because it does not mention how to set the home directory, so I figured it out with your comment. Just do

# usermod -d /var/www/html/folderforuser username

Just change 'folderforuser' for the actual folder you're assigning to the user and change 'username' for the user created previously

Thanks ryan, for your input.

How would I go about also adding permissions to edit a website's files as well as their own directory?
My test user is "eric". His home dir is "/home/eric".
My test website is in "/var/www/rs-cloudtest1.com/html".
If I run this code:
usermod -d /var/www/rs-cloudtest1.com/html eric
Will that prevent him from accessing his own folder "/home/eric" ?

thanks

You would need to set the ownership and permissions on the website's files and directory to let the user edit them. The simplest approach would be to put the website's files into a group, set the file permissions to be group-writable, then add the user to that group. The process is described in this article:

http://www.rackspace.com/knowledge_center/article/virtual-hosts-permissions

For a more in-depth discussion of how Linux file permissions work you can read this article series:

http://www.rackspace.com/knowledge_center/article/linux-file-permission-concepts
